Advanced phishing

What’s “double-barrel phishing” – and should you be concerned?

by Egress
Published on 9th Jul 2021

Phishing has been around since the mid-1990s, and it’s not going away anytime soon. In fact, the FBI said there were more than 11 times as many phishing complaints in 2020 compared to 2016.

These phishing attacks are also becoming more difficult to spot due to their complexity. Cybercriminals are perfecting scams by spending time crafting authentic-looking emails — and that’s not all. They’re now also using two-step scams to build trust with their victims. These attacks are known as double-barrel phishing.

What is double-barrel spear phishing?

Unlike standard spear phishing attempts, which generally consist of sending one email to a specific target, double-barrel phishers invest more time in building relationships.

As the name suggests, the double-barrel tactic involves sending two separate emails to a victim to establish trust and lend to the authenticity of the emails.

Email 1:

The first email is benign. In other words, it’s the bait. It doesn’t contain malicious links or attachments and doesn’t solicit any response from the recipient. Scammers may impersonate somebody you know or work with — using an appropriate signature and similar email address — which adds to the legitimacy of the scheme, for example:

 “Hello, are you in the office? I need a quick favor.”

The purpose of this email is to establish trust with the victim by setting up a credible scenario. However, the second email is more sinister.

Email 2:

The phisher will wait a while before sending the next email to make the situation more realistic. Then comes the follow-up email. For example, in reply to the previous scenario, the attacker may reply: 

“Hi again, could you please review this report ASAP. Thanks.”

Unlike the first email, this message will contain a malware-laden attachment or a link that takes you to a spoof website. This is the “attack” portion of the scheme.

What makes double-barrel phishing so dangerous?

The main driver of this phishing scam’s success is the combination of content, context, and emotional motivators. 

In the “world-building” part of the scheme, phishers manipulate victims into thinking that there’s a credible link between both parties. The urgency involved in the second step acts as an emotional driver that tricks people into making instant decisions without thinking. Emotion is heightened even further when the email comes from a co-worker that’s seemingly asking for urgent assistance. It’s human nature to want to help in this case.

The attacker could gain access to personal information or penetrate the victim’s entire network if the attacker manipulates the victim into taking the desired action, which can have disastrous effects on a company. 

How to prevent double-barrel phishing attacks

Here are three simple steps you can take to stay protected from double-barrel phishing attempts:

Know the signs

Although double-barrel phishing is an effective way for attackers to creep into your inbox, there’s no risk without a human reaction. You, therefore, need to know how to spot a phishing email to detect any scams. Here’s a short checklist you can use to distinguish phishing scams from authentic requests:

  • Check the email address, not just the display name, as this can be altered.
  • Look for spelling errors and inconsistencies in tone of voice if the sender is someone you know
  • Hover over links to reveal its true destination — if it’s not the same as the displayed link, don’t click it

If something doesn’t seem right after going through this checklist, report it to your security team immediately so they can take the appropriate action.

Think before acting

Phishers often attempt to create urgency and trigger an immediate, almost auto-pilot, response. Before clicking on any links, take a step back and analyze the situation with a clear head. Does the request seem reasonable? Is it in line with company protocol? If not, don’t touch it. Instead, seek verification from the supposed sender over the phone. It’s better to be safe than sorry when it comes to data security.

Invest in smarter email security

As scammers adapt their practices to become more “human,” traditional spam filters may fail to identify and weed out every threat. The Egress Defend tool, on the other hand, analyzes the content and context of the email, flagging even the most sophisticated of phishing scams to the user as they enter their mailbox. With real-time guidance on why an email is a threat, Egress Defend empowers users to become the first line of cybersecurity defense.

Learn more about phishing threats

To stay fully protected against ever-evolving cybersecurity risks, keep up to date on the latest phishing tactics and explore our phishing hub for helpful advice.

Related articles

Devices555x300

Stop phishing emails across all devices: Mobile, desktop, web and tablet

Find out how Egress Defend protects your people from advanced phishing threats on any device. 
Impersonationattack555x300

What is an impersonation attack?

Impersonation is a dangerous phishing tactic. Learn how to recognise and prevent attacks. 
1432 Fighting Phishing Report Web Imagery Resources 555X319 (002)

Fighting phishing report launch

From ransomware to payment scams, the risk of phishing continues to rise.  In our new report, we detail the percentage of businesses that have purchased cyber security insurance, invested in forensic investigation, and retained legal counsel to combat phishing attacks.  Read first-hand responses from IT leaders on their personal experiences with phishing attacks.
Linkedinphishing555x300

LinkedIn phishing attacks up 232% in February

The attacks we have seen are bypassing traditional email security defenses to be delivered into people’s inboxes. Without technology deployed within the mailbox to help them detect attacks, it can be difficult for individuals to avoid falling victim. You can see in the screengrabs provided that Egress Defend has alerted the recipient to the attack within their inbox.