Barracuda intel exposes how cybercriminals are using email account takeover to launch lateral phishing attacks

New report looks at evolving email threats, the latest tactics used by scammers, and how to protect your business

CAMPBELL, Calif., August 15, 2019 —


  • Email account takeover and lateral phishing represent a growing threat to enterprise organizations
  • Attackers follow four primary strategies to choose target recipients of lateral phishing attacks
  • In about one-third of email account takeover attacks, cybercriminals use additional deceptive behavior to make their lateral phishing emails stealthier or more convincing

Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released a new report with key findings about the evolving email threat environment. The latest report, titled Spear Phishing: Top Threats and Trends Vol. 2 - Email Account Takeover: Defending Against Lateral Phishing, reveals new details about these growing and evolving threats, including the latest tactics used by cybercriminals and the critical precautions to help defend your business.

See the full report: 

The report takes an in-depth look at how compromised email accounts are being used to launch targeted lateral phishing attacks that are designed to evade many existing email protection systems, and which advanced detection techniques, security awareness training, and other strategies and solutions businesses are using to prevent attacks.

A Closer Look at Evolving Threats

Barracuda’s research uncovered fresh insights into how these popular attacks are evolving and the tactics used by cybercriminals to try to make them successful.

  • 1 in 7 businesses experienced lateral phishing attacks in a seven-month period, based on a random sample of enterprise organizations.
  • More than 60 percent of organizations that were attacked experienced multiple incidents.
  • About 11 percent of attacks managed to successfully compromise additional employee accounts.
  • 42 percent of the lateral phishing incidents weren’t reported to the organization’s IT or security team.
  • More than 55 percent of the lateral phishing attacks targeted recipients with some personal or work relationship to the hijacked email account.
  • 37 percent of lateral phishing attacks used tailored content that was enterprise-oriented or highly specific to the victim’s organization.
“Email threats, including account takeover and lateral phishing, continue to evolve, and cybercriminals continue to find new ways to execute attacks, avoid detection, and trick users,” said Mike Flouton, vice president of email security at Barracuda Networks.“Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cybercriminals and the critical precautions available to help defend your business.”

Download the full report:
Read the blog post:

About Barracuda
At Barracuda, we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 150,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. Get more information at
Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.

Read more.