What is barrel phishing?

Barrel phishing is becoming a more prominent form of phishing and often targets organisations and businesses worldwide.

01-09-2022 - 10 minute read. Posted in: phishing.

Hackers use several types of phishing techniques to steal information from organisations and individuals. Barrel phishing is rapidly becoming more prominent and is more frequently targeting organisations worldwide.

Barrel phishing is one of the many phishing scams that cybercriminals use to deceive victims and steal sensitive information.

Definition and explanation

Barrel phishing, also known as double-barrel phishing, is a sophisticated type of phishing attack that employs a conversational approach to deceive victims. Unlike traditional phishing attacks that might immediately present a threat, barrel phishing attacks start with an initial email that appears completely benign. This first email is designed to build trust and often mimics a message from a trusted source, such as a coworker, partner, or executive within the organization. The initial message does not contain any malicious content, which lowers the victim’s guard and makes them more susceptible to the subsequent attack.

Phishing around the world

Phishing has been a persistent cyber threat since it first emerged in the mid-1990s, and it shows no signs of slowing down. FBI research reveals a staggering increase in phishing activity, with over 11 times more complaints reported in 2020 compared to 2016 in the United States.

Phishing awareness is crucial for employees to recognize and respond to phishing messages effectively, reducing the risk of successful attacks. These phishing attacks are also becoming harder to see through due to their complexity. Cybercriminals perfect their scams by spending time creating emails that both look authentic and contain real information specific to the recipient.

Every modern business today is threatened by cyber attacks, including the theft of valuable and personal information or money. Hackers use several different types of phishing techniques, including sophisticated phishing messages, to steal as much information as possible from organizations.

Cybercriminals are now also using two-step scams to build trust with their victims. These attacks are known as double-barrel phishing or barrel phishing. Barrel phishing is one of the techniques that can lead to hackers gaining access to company information or systems through their employees.

What is the technique of barrel phishing?

Unlike typical spear phishing, which usually involves sending a single convincing email to a specific target, barrel phishing requires cybercriminals to dedicate more time to establishing trust and building a relationship with the victim.

Barrel phishing is a cyber attack that hits people with two separate phishing emails, a technique that distinguishes it from other types of phishing. The first email is not always malicious; it is often just “bait” to lure the recipient into thinking it comes from a trusted source, such as a friend or colleague.

Shortly after, the hacker follows up with a more aggressive email containing malicious content, such as a link to a phishing website or an attachment infected with malware. These tactics can lead unwary recipients to hand their information to cybercriminals, putting their data and business at risk. Phishing simulations can be an effective training tool to help employees recognize and respond to these types of phishing emails.

How Barrel phishing attacks work

Barrel phishing attacks operate through a two-stage process aimed at gaining the victim’s trust before delivering the malicious payload. The first stage involves sending an initial email that appears legitimate and trustworthy. This email might request some non-sensitive information or simply engage the recipient in a harmless conversation. Crucially, this email does not contain any malicious content, which helps to establish credibility. The second stage follows with a more aggressive email that includes malicious content, such as a link to a phishing website or an attachment infected with malware. When the recipient clicks on the malicious link or opens the attachment, their device can become compromised, or sensitive information can be stolen.

Example of barrel phishing attacks

Email 1:

The first email is benign, or, as previously mentioned, the “bait”. It does not contain malicious links or attachments and does not request any response from the recipient. Scammers can impersonate someone the recipient knows or works with by using an appropriate signature and a similar email address, adding to the legitimacy of the message. An example is the message:

“Hi, are you at the office? I need you to do me a quick favour.”

The purpose of this phishing message is to build trust with the victim by setting up a believable scenario. The second email, however, is more like traditional spear phishing emails.

Email 2:

The hacker waits a while before sending the next email to make the situation more realistic. Then comes the follow-up email. For example, to elaborate on the scenario in the first email, the hacker might write:

“Hi again, can you please review this report right away. Thank you!”

The second email is different – it contains either a harmful attachment or a link to a fake website. This is where the actual phishing attack happens.

If the email contains a link that takes the recipient to a fake website, the recipient is asked to enter personal or confidential information that the criminal can then exploit.

If the email contains an attachment, it is most likely infected with malware (‘malicious software’) that will be downloaded to the recipient’s computer. The malware can then gain access to the computer’s systems.
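The two-stage pattern described above can be correlated at the mail gateway: a sender with no prior relationship to the recipient first appears with a harmless message, then follows up within days with a link or attachment. The heuristic below is an added example written for this post, not the post's own code or any vendor's product; the contact address, the look-alike domain and the sample messages are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
# Phrases of the kind the post names as the emotional driver in the second email.
URGENCY = re.compile(r"\b(right away|immediately|urgent|asap|quick favou?r)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    received: datetime
    body: str
    attachments: tuple = ()

def has_payload(msg: Message) -> bool:
    """Stage-two marker: the message carries a link or an attachment."""
    return bool(LINK.search(msg.body)) or bool(msg.attachments)


def find_barrel_followups(messages, known_contacts, window=timedelta(days=7)):
    """Flag a link/attachment message from an unknown sender whose first contact
    with this recipient was a harmless message inside `window`. Returns [(msg, reasons)]."""
    known = {c.lower() for c in known_contacts}
    first_benign = {}   # (sender, recipient) -> time of the first harmless message
    alerts = []
    for msg in sorted(messages, key=lambda m: m.received):
        key = (msg.sender.lower(), msg.recipient.lower())
        if not has_payload(msg):
            first_benign.setdefault(key, msg.received)
            continue
        bait_time = first_benign.get(key)
        if key[0] in known or bait_time is None or msg.received - bait_time > window:
            continue
        reasons = ["payload follows a harmless first contact from an unknown sender"]
        if URGENCY.search(msg.body):
            reasons.append("urgency language")
        alerts.append((msg, reasons))
    return alerts


# Constructed sample traffic modelled on the two emails quoted in the post; the
# partner's real address is assumed and the attacker's domain is a look-alike.
CONTACTS = {"j.smith@example-partner.com"}
SAMPLE = [
    Message("j.smith@examp1e-partner.com", "anna@example.com", datetime(2025, 1, 6, 9, 0),
            "Hi, are you at the office? I need you to do me a quick favour."),
    Message("j.smith@examp1e-partner.com", "anna@example.com", datetime(2025, 1, 6, 14, 30),
            "Hi again, can you please review this report right away. Thank you! "
            "https://files.examp1e-partner.com/report"),
    Message("j.smith@example-partner.com", "anna@example.com", datetime(2025, 1, 7, 10, 0),
            "Agenda for Thursday: https://example-partner.com/agenda"),
]
```

Only the second message is flagged: the first carries no payload, and the third comes from an established contact, which this heuristic deliberately leaves to other controls.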

What makes barrel phishing dangerous?

The main reason why this type of phishing scam is successful is the combination of content, context and emotional manipulation.

Training employees to detect phishing is essential to prevent these attacks from succeeding.

In the content and context part of the messages, cybercriminals manipulate recipients into believing that there is a credible connection between both parties. Typically, time pressure is included in the second email, which acts as an emotional driver to make the recipient act immediately without thinking. Emotions are further heightened when the email comes from a colleague or friend who appears to be asking for urgent help. It is natural that the recipient would want to help in such a situation.

If the criminal can manipulate the victim into performing the desired action, the criminal may gain access to personal information or even to the victim’s entire network, which can have major consequences for both the person and his or her business.

If you’re interested in the psychology behind these tactics, explore our blog on social engineering.

Most targeted industries

Barrel phishing attacks can target any industry, but some sectors are more frequently targeted due to the sensitive nature of the information they handle. These include:

  • Financial institutions: These organizations are prime targets because they manage sensitive financial data and personal information.

  • Healthcare organizations: Healthcare providers are targeted for their access to confidential patient information, which can be highly valuable on the black market. Learn more about the Top 5 cyber threats in healthcare.

  • Retail companies: Retailers often handle a large volume of customer data, including payment information, making them attractive targets.

  • E-commerce platforms: These platforms are targeted for their extensive customer databases and financial transaction records.

How to protect yourself from barrel phishing attacks

To safeguard against barrel phishing attacks, it’s essential to be vigilant and proactive. Here are some tips to help you stay protected:

  • Be cautious of suspicious emails: Look out for emails with spelling or grammar mistakes, even if they appear to be from a known source.

  • Beware of urgency: Be wary of emails that create a sense of urgency or pressure you to take immediate action.

  • Avoid clicking unknown links: Never click on links or open attachments from unknown or unverified sources.

  • Use advanced email security solutions: Implement advanced email security solutions that can detect and block phishing attacks before they reach your inbox.

  • Conduct regular security training: Regularly educate employees on how to detect and prevent phishing attacks through security awareness training.

How to protect yourself from barrel phishing attacks

Here are three simple tips you can follow to protect yourself from barrel phishing attempts:

  • Be cautious of unsolicited emails and avoid clicking on suspicious links.

  • Verify the sender's email address and look for any inconsistencies.

  • Use an advanced email security solution to detect and block phishing attacks before they reach your inbox.

Know the signs of malicious links

Although barrel phishing is an effective way for hackers to get into your inbox, the attack has no consequences unless a person responds to the emails. You therefore need to know how to identify a phishing email.

Here is a short list of points you can use to distinguish phishing emails from legitimate ones:

  • Check the email address, not just the sender name, as the display name can be set to anything.

  • Look for spelling mistakes and grammar/tone inconsistencies if the sender is someone you know.

  • Hover your mouse over links (on a computer) to see the full URL; if it is not the same as the hyperlink shown, don't click it.

If something doesn't look right after you've gone through these points, report the email as spam or phishing immediately and notify your company if you received the email on your work email.
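Two of the checks above can be automated for a mail client or a triage script: comparing the sender's display name against the actual address, and comparing the visible text of a link against the host it really points to. This is an added example written for this post, not the post's own code; the contact directory, the look-alike sender and the sample HTML are constructed.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value: str) -> str:
    url = value if "://" in value else "http://" + value
    return (urlparse(url).hostname or "").lower().removeprefix("www.")

LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def link_warnings(html_body: str) -> list:
    """Flag anchors whose visible URL-like text points at a different host."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [f"shown as {text} but goes to {host_of(href)}"
            for text, href in parser.links
            if LOOKS_LIKE_URL.match(text) and host_of(text) != host_of(href)]

def sender_warnings(from_header: str, contacts: dict) -> list:
    """Flag a display name that matches a known contact whose address differs."""
    name, addr = parseaddr(from_header)
    expected = contacts.get(name.strip().lower())
    if expected and expected.lower() != addr.lower():
        return [f"display name '{name}' belongs to {expected}, not {addr}"]
    return []

# Constructed sample: the follow-up email from the post, sent from a look-alike domain.
CONTACTS = {"john smith": "j.smith@example-partner.com"}
SAMPLE_FROM = "John Smith <j.smith@examp1e-partner.com>"
SAMPLE_HTML = ('<p>Hi again, can you please review this report right away. Thank you!</p>'
               '<a href="https://login.examp1e-partner.com/report">https://example-partner.com/report</a>')
```

The host comparison is exact, so a legitimate link shown as the bare domain but pointing at a subdomain is also flagged; that is the safe direction for a warning, but worth knowing when tuning.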

Think and use your common sense

Hackers often try to create time pressure and look for an immediate reaction from the recipient. Before clicking on a link, take a step back and analyse the message and its content. Does the request seem reasonable? Does the content make sense?

Is it in line with your organisation and its protocols? If not, never click on anything. Instead, make sure you get confirmation from the supposed sender by either calling the person/organisation or by going to the website of the specified organisation.

Invest in an advanced email security solution

As fraudsters adapt their methods to become more "human", traditional spam filters may not be able to identify and block all cyber threats or spam messages.

Organisations can use advanced email security solutions with dynamic file and URL analysis to identify these email attacks before they even reach the recipient's inbox. This preventative measure reduces the need to rely on your employees' ability to detect these sophisticated phishing attacks. But it's not a foolproof solution, so all employees still need to be vigilant when receiving emails.

What to do if you’ve fallen victim

If you suspect you’ve fallen victim to a barrel phishing attack, it’s crucial to act quickly to minimize potential damage. Here are the steps you should take:

  • Report the incident: Immediately inform your organization’s IT department or security team about the breach.

  • Change passwords: Update your passwords and login credentials to prevent further unauthorized access.

  • Run a virus scan: Perform a thorough virus scan on your device to detect and remove any malware.

  • Monitor accounts: Keep a close eye on your accounts and credit reports for any unusual or suspicious activity.

  • Educate yourself: Learn more about phishing attacks and how to recognize them to avoid falling victim in the future.

By following these steps and staying vigilant, you can protect yourself and your organization from the growing threat of barrel phishing attacks. For more guidance on recovery, check out our blog on what to do if you’ve been hacked.

This post has been updated on 20-01-2025 by Sofie Meyer.

Author Sofie Meyer

Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.
