Lateral Phishing – Malevolent Emails From Trusted Accounts

There has been a lot of attention on the dangers and frequency of phishing attacks and the threat they pose for small businesses and our personal online identity. Phishing is a type of cyberattack in which a malevolent actor sends an email that appears to be from a legitimate source with the intent of doing harm (e.g., stealing information or holding information for ransom).
Thankfully, the increased awareness of phishing has led to a decrease in the success of these attacks. In response, hackers have modified the practice and have started launching “lateral phishing” attacks.
What is lateral phishing?
Lateral phishing attacks come from compromised email accounts within an organization the recipient is a part of, or from accounts that the recipient knows personally. So instead of an email being sent from an unknown address that appears legitimate, lateral phishing emails come from accounts that the recipient knows to be legitimate (e.g. a co-worker, familiar vendors, or even personal friends). As a result, these types of attacks are almost always successful.
How To Protect Yourself and Your Business
It can be difficult to identify these attacks before becoming a victim. After all, if you see an email come in from a person you know, it most likely doesn’t trigger any suspicion. As lateral phishing attacks increase, users should be increasingly mindful and cautious.
There are three main strategies for protection:
- Security Awareness Training: Training should occur regularly, as hackers are consistently updating their strategies. Precautionary measures developed in response to phishing will not prevent lateral phishing. If an email comes from a familiar address, the recipient should still check the legitimacy of links and files included in the email. Email the sender to double-check if they sent the email before opening links or downloading files.
- Advanced Detection Techniques: Business owners should prioritize security and invest in tools to help protect the integrity and security of their networks.
- Two-Factor Authentication: We’ve discussed 2FA in previous blog posts. While some hackers have found ways to bypass this mechanism, it still offers protection if used properly in conjunction with other security measures that should be put in place and maintained.
The sooner you take steps to increase cybersecurity, the more prepared you’ll be when a threat arises. Contact our experienced attorneys today!
If you have any questions about security measures you can take to protect your accounts or small business, or if you believe you have been a victim of a cyberattack, please contact us by calling 888-904-2951, or fill out this short form to get started.

Written By Kellam T. Parks
Kellam founded what is now Parks Zeigler, PLLC in 2012 to embrace modern technologies to best serve clients. This passion for technology led to the formation of the Cybersecurity/Data Privacy practice area making the firm a leader in helping businesses protect themselves and respond to incidents. When he’s not practicing law in this area and handling high-asset divorces, Kellam manages the firm with his co-owner, Brandon Zeigler, contributes to local and state-wide Bar associations, and frequently writes and speaks to audiences across a variety of sectors and geographic locations, including nationally on the topics of Cybersecurity/Data Privacy, digital evidence, law firm management, and technology/AI.
