What is Barrel Phishing? Definition, Examples & Prevention Strategies
This article offers a basic introduction to barrel phishing. We’ll explain how attackers use a ‘bait and hook’ email strategy to deceive their targets, and provide real-world examples to illustrate how these attacks unfold. Finally, we’ll provide practical advice on how to detect and prevent barrel phishing to ensure your organisation stays one step ahead of cybercriminals.
What is Barrel Phishing?
Also referred to as “double-barreled” phishing, barrel phishing is a more sophisticated form of phishing that involves two emails. The first email—often referred to as the “bait email”—attempts to establish a relationship with the recipient or trick them into believing the sender is a trusted source. Once the recipient’s guard is lowered, they’re sent a follow-up email where the actual phishing occurs, usually in the form of malicious links.
Examples of Barrel Phishing
These advanced phishing attacks often catch out employees who are not paying close attention to the emails that follow.
Example 1: Fake Dropbox Emails
In this example of a barrel phishing attack, hackers sent fake Dropbox emails to victims. These emails claimed that a file sent by a colleague had to be viewed in Dropbox because it was too large to be attached. Once users clicked the link, they were directed to a counterfeit Dropbox login page. It was a convincing replica of the normal login page; however, the URL was not a Dropbox destination.
Example 2: The urgent wire transfer
Another example of barrel phishing: Your name is Bob and you work for Joe Smith, your company’s CEO. A spear phisher sees you on LinkedIn and notices that you’re friends with Joe. He follows you on Facebook and reads about a project you’re working on at the office. The attacker then creates an email account under the name joesmith21@gmail.com. While real Joe is on vacation—information that the phisher has gleaned from Facebook—fake Joe sends you an email that says, “Ugh, Bob… I am on vacation, but I need a wire transfer of $100,000 to a contractor in China for our project. Please take care of it right away. Here are the wiring instructions.” If you’re not paying close attention, you might complete the fund transfer.
How to prevent barrel phishing
Employee awareness and training are key to preventing barrel phishing. Because these attacks are conducted over the long term, employees need to pay attention to the conversation history, context, and content of emails. Implementing anti-spear-phishing software can help you automatically detect and block suspicious emails, so your employees are never put in a dangerous situation.
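The two tells from the examples above (a colleague's name on an outside address, and a mail that names Dropbox but links elsewhere) can be checked automatically. The following is an added example, not code from this article or from any product it mentions; `ORG_DOMAIN`, `STAFF_NAMES`, `BRAND_DOMAINS` and the sample messages are constructed assumptions, and the checks are heuristics that a real filter would combine with other signals.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions, constructed for this example: the organisation's mail domain,
# a staff directory, and the brands whose genuine domains are known.
ORG_DOMAIN = "example.com"
STAFF_NAMES = {"joe smith", "bob jones"}
BRAND_DOMAINS = {"dropbox": "dropbox.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return heuristic findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    # Tell from example 2: a staff member's name on an outside address.
    if name.strip().lower() in STAFF_NAMES and not in_domain(addr.rpartition("@")[2], ORG_DOMAIN):
        findings.append(f"staff name '{name}' used by external address {addr}")
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    # Tell from example 1: the mail names a brand but links somewhere else.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        for brand, domain in BRAND_DOMAINS.items():
            if brand in text and not in_domain(host, domain):
                findings.append(f"mentions {brand} but links to {host}")
    return findings

# Constructed sample messages (not real mail).
WIRE = ('From: "Joe Smith" <joesmith21@gmail.com>\nSubject: Urgent\n\n'
        "I need a wire transfer taken care of right away.\n")
FAKE_SHARE = ('From: "Alice Roe" <alice@example.com>\nSubject: Shared file\n\n'
              "Too large to attach, view it in Dropbox:\n"
              "https://dropbox.files-login.example.net/signin\n")
GENUINE = ('From: "Joe Smith" <joe.smith@example.com>\nSubject: Slides\n\n'
           "On Dropbox: https://www.dropbox.com/s/placeholder\n")

if __name__ == "__main__":
    for label, raw in (("wire", WIRE), ("fake share", FAKE_SHARE), ("genuine", GENUINE)):
        print(label, "->", check_message(raw) or "no findings")
```

The domain comparison is done on the parsed hostname, so a host that merely starts with the brand name is still treated as foreign.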