Lateral Phishing: Malevolent Emails From Trusted Accounts

There has been a lot of attention on the dangers and frequency of phishing attacks. Phishing is a type of cyberattack in which a malevolent actor sends an email that appears to be from a legitimate source with the intent of doing harm (e.g., stealing information or holding information for ransom).

Thankfully, the increased awareness of phishing has led to a decrease in the success of these attacks. In response, hackers have modified the practice and have started launching “lateral phishing” attacks.

What is lateral phishing?

Lateral phishing attacks come from compromised email accounts within an organization the recipient is a part of, or from accounts that the recipient knows personally. So instead of an email being sent from an unknown address that appears legitimate, lateral phishing emails come from accounts that the recipient knows to be legitimate (e.g. a co-worker, familiar vendors, or even personal friends). As a result, these types of attacks are almost always successful.

How To Protect Yourself and Your Business

It can be difficult to identify these attacks before becoming a victim. After all, if you see an email come in from a person you know, it most likely doesn’t trigger any suspicion. As lateral phishing attacks increase, users should be increasingly mindful and cautious.

There are three main strategies for protection:

  • Security Awareness Training: Training should occur regularly, as hackers are consistently updating their strategies. Precautionary measures developed in response to phishing will not prevent lateral phishing. If an email comes from a familiar address, the recipient should still check the legitimacy of links and files included in the email. Email the sender to double-check if they sent the email before opening links or downloading files. 
     
  • Advanced Detection Techniques: Business owners should prioritize security and invest in tools to help protect the integrity and security of their networks.
     
  • Two-Factor Authentication: We’ve discussed 2FA in previous blogs. While some hackers have found ways to bypass this mechanism, it still offers protection if used properly in conjunction with other security measures that should be put in place and maintained.

If you have any questions about security measures you can take to protect your accounts or small business, or if you believe you have been a victim of a cyberattack, please contact us by calling 888-691-9319, or fill out this short form to get started.

 


 

Kellam T. Parks
Managing Member of Parks Zeigler, PLLC