2019-08-21, by Kristina Knight

Nearly half (42%) of those attacks went unreported, and just over half (55%) of the phishers used lateral phishing strategies. Lateral phishing uses legitimate - or seemingly legitimate - email accounts to compromise contact lists. The attackers use specific phrases and words that make it seem as if the hijacked email is from someone the target knows and trusts, fooling not only email users but also some email protection systems.

The 10 most-used words in these lateral phishing attacks include Document, View, Attach, Click, Sign, Sent, Review, Share, Account, and Access - all words that many employees and consumers might think are legitimate 'asks' from their co-workers or trusted businesses.

"Over the course of the study, our researchers observed that nearly one-third (31%) of the attackers perpetrating these lateral phishing attacks used sophisticated tactics to increase the effectiveness of their phishing emails or hide evidence of their attacks," write the report authors.

For example, nearly 20% of account hijackers responded to recipients' inquiries to reassure the victim that the email was legitimate, and nearly 20% of hijackers tried to manually delete the traces of their phishing attack.

According to Barracuda, the best tactics for fighting off phishing attacks remain properly training employees about security awareness, using advanced detection software to help identify suspicious activity, and using strong two-factor authentication techniques on all digital devices.

More data from the Barracuda report can be accessed here.

