Most phishing attacks lure corporate users with explicit content how to prevent phishing attacks

A majority of phishing attacks against corporate email addresses use indecent content and invitations to lure victims in, experts have claimed.

Researchers from the GreatHorn Threat Intelligence Team noticed the use of X-rated material in emails designed to lure employees increased 974% between May 2020 and April 2021.

They further observed these attacks targeted a broad spectrum of industries, and are often directed at male-sounding usernames in company email addresses. 

TechRadar needs you!
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

“Call it what you will: business email compromise (BEC), phishing, spearphishing or whaling, all email-based cyberattacks have one thing in common: they use social psychology. The goal of the email attacker is to put the user off balance, causing an emotional reaction that gets them to open an email and take a compromising action,” GreatHorn noted in a post detailing this new trend in phishing attacks.

Honey traps

GreatHorn highlights two different campaigns in their post, that follow slightly different attack vectors, but with the same intention to use the gleaned information to either withdraw money, commit further frauds, or for blackmail.

In the first phase of the campaign, the user is invited to click on a link under the guise of salacious interactions or more explicit content.

Once clicked, the threat actors use email pass-through to get hold of the email address of the visitors, which can later be used for blackmail. 

The pages further invites the victims to divulge more information, including their address and credit card details under the guise of payment details, to roundup a successful phishing campaign.

social experiment by Livio Acerbo #greengroundit #techradar https://www.techradar.com/news/most-phishing-attacks-lure-corporate-users-with-explicit-content/