Date: 2021-06-03

A majority of phishing attacks against corporate email addresses use indecent content and invitations to lure victims in, experts have claimed.

Researchers from the GreatHorn Threat Intelligence Team noticed the use of X-rated material in emails designed to lure employees increased 974% between May 2020 and April 2021.

They further observed that these attacks targeted a broad spectrum of industries and were often directed at male-sounding usernames in company email addresses.

“Call it what you will: business email compromise (BEC), phishing, spearphishing or whaling, all email-based cyberattacks have one thing in common: they use social psychology. The goal of the email attacker is to put the user off balance, causing an emotional reaction that gets them to open an email and take a compromising action,” GreatHorn noted in a post detailing this new trend in phishing attacks.

Honey traps

GreatHorn highlights two different campaigns in its post. They follow slightly different attack vectors but share the same intention: to use the gleaned information to withdraw money, commit further fraud, or carry out blackmail.

In the first phase of the campaign, the user is invited to click on a link under the guise of salacious interactions or more explicit content.

Once clicked, the threat actors use email pass-through to get hold of the email address of the visitors, which can later be used for blackmail.

The pages further invite the victims to divulge more information, including their address and credit card details under the guise of payment details, to round out a successful phishing campaign.