
Email Account Takeover and Lateral Phishing Attacks Increase Risk to Enterprises


The latest method of attack uses sender familiarity to lower victim defenses and increase the potential for scams, attacks, or fraud to succeed.

The goal of a phishing attack is to get the potential victim to take an action desired by the attacker – clicking a link, opening an attachment, providing credentials, etc. What better way to convince a victim to do so than by sending the email from someone they regularly correspond with?

That’s the premise of lateral phishing attacks, a growing trend. According to new research from security vendor Barracuda, attackers are increasingly leveraging one user’s compromised email account to spread an attack to other users via additional phishing emails.

According to the report:

1 in 7 organisations have experienced email account takeover attacks

60 percent of attacked organisations had multiple compromised employee accounts used to send lateral phishing attacks

55% of targets have a personal or work relationship to the hijacked account

Nearly all attacks occur during normal work hours

One-third of attacks used stealth techniques such as responding to replies and actively deleting traces of email conversations

Users today can no longer assume that even emails coming from people they know are legitimate. With two-thirds of the emails used in these scams containing generic content, users can be taught using Security Awareness Training to scrutinise the email’s content and to use a different medium to contact the sender to validate the email message.
