Lateral Phishing: How it acts

Undoubtedly one of the most present threats today is Phishing. As we know, it aims to steal user credentials and passwords. It is present at all levels and can be reached by email, social networks or by accessing fraudulent pages. However, there are different types of phishing attacks. In this article we will explain what Lateral Phishing is and why it is very dangerous in the face of user safety.

lateral phishing

The problem of phishing today

Hackers constantly seek ways to get the attention of users to carry out their attacks. They look for the bait that is successful for the victim to enter their data and access content that allows attackers to steal passwords.

It is true that defense techniques have improved in recent times. More and more tools are available to us to protect ourselves from such attacks and others. However, attackers also improve their techniques, logically. They are constantly looking for ways to adapt to the times and achieve greater success.

This is where the varieties of Phishing attacks that they can use and the methods for this come into play. We will explain what Lateral Phishing consists of and especially why it is more dangerous for users.

What is Lateral Phishing

Traditionally, Phishing messages are made from email accounts that pretend to be the original. This is important, since these are really sending an email from an account that is not legitimate. Of course, it looks for ways to look as much as possible. Maybe it adds a symbol, change a letter or number. But it is definitely not the original email account.

Logically, this can cause the alarms of the mail providers to go off and they detect it as spam or dangerous e-mail. Also the users themselves are increasingly aware and observe the directions to detect something strange.

The Lateral Phishing is an improvement of traditional attacks that seek to deceive the victim even more. In this case, it is an attack that has previously achieved control of an account. That is, let’s say that a cyber-criminal organization is looking for ways to steal the credentials of users of a certain company. What they do first is to take control of that company’s email account. In this way they can send e-mails to their workers or customers, as well as any user who has a relationship with them, without raising too many suspicions.

They basically use the account that victims can interpret as legitimate, like the official one, to carry out a Phishing attack. On the one hand, they avoid the possible blocking of the security measures of our email provider and that this email does not end up in the spam folder. On the other hand they can trick users even better to put their credentials and passwords.

A technique that increases the risk

No doubt this technique increases the risk of users. One of the most important issues to fall into or not in the Phishing trap is trust. The banks and organizations themselves warn their users not to open emails that do not come from their official addresses. Sometimes they even give a list of those emails that we can interpret as safe.

Now, what happens if one of those emails has been attacked and they send us an e-mail from that account? That’s where the risk is further extended. It is the technique that more and more hackers use quite successfully.

How to protect ourselves from Lateral Phishing

The first step is always to use common sense. Even if an email arrives from the official account asking us for information such as the password, we must never send them and in case of doubt we should always contact the organization.

It is advisable to always log in directly from the website. That is, the ideal is to enter the page directly from the browser and not from possible emails that we receive. We must always observe the link we are entering.

On the other hand, a good defensive barrier is to use two-factor authentication. This way even if they achieve our password, they cannot access the account. They would need second step for that.