What is barrel phishing?

Barrel phishing is becoming a more prominent form of phishing and is often targeting organisations and businesses worldwide.

01-09-2022 - 6 minute read. Posted in: phishing.

What is barrel phishing?

Hackers use several types of phishing techniques to steal information from organisations and individuals. Barrel phishing is rapidly becoming more prominent and is more frequently targeting organisations worldwide.

Phishing around the world

Phishing has been around since the mid-1990s, and there's no sign of it going away anytime soon. According to research from the FBI, there have been more than 11 times as many phishing complaints in 2020 compared to 2016 in the US.

These phishing attacks are also becoming harder to see through because of their complexity. Cybercriminals perfect their scams by spending time creating emails that both look authentic and contain real information specific to the recipient.

Every modern business today is threatened by cyber attacks, including the theft of valuable and personal information or money. Hackers use several different types of phishing techniques to steal as much information as possible from organisations.

Cybercriminals are now also using two-step scams to build trust with their victims. These attacks are known as double-barrel phishing or barrel phishing. Barrel phishing is one of the techniques that can lead to hackers gaining access to company information or systems through their employees.

What is the technique of barrel phishing?

Unlike common spear phishing attempts, which generally consist of sending a single well-written email to a specific target, barrel phishing has cyber criminals invest more time in building a relationship with the target first.

Barrel phishing is a cyber attack that hits people with two separate phishing emails, a technique that distinguishes it from other types of phishing. The first email is not always malicious; it is often just "bait" to lure the recipient into thinking it comes from a trusted source, such as a friend or colleague.

Shortly after, the hacker will follow up with a more aggressive email containing malicious content, such as a link to a phishing website or an attachment infected with malware. These tactics can lead to unaware or unwary recipients giving their information to cyber criminals, putting their data and business at risk.

Example of a barrel phishing attack

Email 1:

The first email is benign or as previously mentioned, the "bait". It does not contain malicious links or attachments and does not request any response from the recipient. Scammers can impersonate someone the recipient knows or works with by using an appropriate signature and similar email address, adding to the legitimacy of the message. An example is the message:

"Hi, are you at the office? I need you to do me a quick favour."

The purpose of this email is to build trust with the victim by setting up a believable scenario. The second email, however, is more like traditional spear phishing emails.

Email 2:

The hacker waits a while before sending the next email to make the situation more realistic. Then comes the follow-up email. For example, to elaborate on the scenario in the first email, the hacker might write:

"Hi again, can you please review this report right away? Thank you!"

Unlike the first email, this message will contain a malware attachment or a link that takes the recipient to a fake website. This is the "attack" part of the phishing attempt.

If the email contains a link that takes the recipient to a fake website, the recipient will have to enter some personal or confidential information that the criminal can then exploit.

If the email contains an attachment, it is most likely infected with malware ('malicious software') that will be downloaded to the recipient's computer. The malware can then gain access to the computer's systems.

What makes barrel phishing dangerous?

The main reason why this type of phishing scam is successful is the combination of content, context and emotional manipulation.

In the content and context part of the messages, cybercriminals manipulate recipients into believing that there is a credible connection between both parties. Typically, time pressure is included in the second email, which acts as an emotional driver to make the recipient act immediately without thinking. Emotions are further heightened when the email comes from a colleague or friend who appears to be asking for urgent help. It is natural that the recipient would want to help in such a situation.

If the criminal can manipulate the victim into performing the desired action, the criminal may gain access to personal information or even to the victim's entire network, which can have major consequences for both the person and his or her business.

How to protect yourself from a barrel phishing attack

Here are three simple tips you can follow to protect yourself from barrel phishing attempts:

Know the signs of a fake message

Although barrel phishing is an effective way for hackers to find their way to your inbox, there is no risk of consequences if there is no human response to the emails. You therefore need to know how to identify a phishing email.

Here is a short list of points you can use to distinguish phishing emails from legitimate ones:

  • Check the actual email address, not just the sender name, as the displayed name can be set to anything.

  • Look for spelling mistakes and grammar/tone inconsistencies if the sender is someone you know.

  • Hover your mouse over links (on the computer) to see the full URL. If it is not the same as the hyperlink shown, don't click it.

If something doesn't look right after you've gone through these points, report the email as spam or phishing immediately and notify your company if you received the email on your work email.
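As an added illustration (not code from the article or from Moxso), the two checks above, sender address versus display name and visible link text versus real link target, applied to a constructed follow-up message; the sample message, domains and function names are assumptions:

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the article): display name of a colleague, look-alike sender
# domain, and a link whose visible text shows a different host than the real href target.
SAMPLE = """From: "Anna Jensen" <anna.jensen@examp1e-corp.com>
Content-Type: text/html

<p>Hi again, can you please review this report right away?</p>
<a href="http://report-review.example.net/login">https://intranet.example-corp.com/report</a>
"""
class _Links(HTMLParser):
    # Collects (href, visible text) pairs from <a> tags.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def _host(s):
    # Hostname if s looks like a URL or bare domain; plain words ("this report") give None.
    if " " in s or "." not in s:
        return None
    return urlparse(s if "://" in s else "http://" + s).hostname

def phishing_signs(raw, trusted_domain):
    """Apply the sender-address and link-target checks from the list above to one raw message."""
    msg = email.message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    if domain != trusted_domain.lower():  # display name is free text; the address domain is what counts
        findings.append(f"sender '{name or addr}' uses domain '{domain}', not '{trusted_domain}'")
    body = "".join(part.get_payload(decode=True).decode(errors="replace")
                   for part in msg.walk() if part.get_content_type() in ("text/plain", "text/html"))
    parser = _Links()
    parser.feed(body)
    for href, text in parser.links:  # the "hover over the link" check, done on the HTML source
        shown, real = _host(text), _host(href)
        if shown and real and shown != real:
            findings.append(f"link shows '{shown}' but goes to '{real}'")
    return findings
```

Running `phishing_signs(SAMPLE, "example-corp.com")` flags both the look-alike sender domain and the mismatched link; a message whose address and links match the trusted domain returns an empty list.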

Think and use your common sense

Hackers often try to create time pressure and look for an immediate reaction from the recipient. Before clicking on a link, take a step back and analyse the message and its content. Does the request seem reasonable? Does the content make sense?

Is it in line with your organisation and its protocols? If not, never click on anything. Instead, make sure you get confirmation from the supposed sender by either calling the person/organisation or by going to the website of the specified organisation.

Invest in better email security

As fraudsters adapt their methods to become more "human", traditional spam filters may not be able to identify and block all cyber threats or spam messages.

Organisations can use advanced email security solutions with dynamic file and URL analysis to identify these email attacks before they even reach the recipient's inbox. This preventative measure reduces the need to rely on your employees' ability to detect these sophisticated phishing attacks. But it's not a foolproof solution, so all employees still need to be vigilant when receiving emails.

Author: Sofie Meyer

Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.
