Skip to content

What is Barrel Phishing or Double-Barrel Phishing?

Home  /  SafeTitan Security Awareness Training  /  What is Barrel Phishing or Double-Barrel Phishing?

What is Barrel Phishing or Double-Barrel Phishing?

Phishing is the most common way to carry out a scam or prepare the groundwork for a cyber-attack. However, there are many variants on the phishing theme, with Barrel phishing or "Double-Barrel" phishing becoming more popular amongst cybercriminals. Barrel phishing is a type of phishing that uses the psychological factors inherent in social engineering to ensure a successful scam.

Research shows that phishing continues to threaten businesses worldwide, with US Cybersecurity and Infrastructure Security Agency (CISA) researchers finding that at least one person in 80% of organizations fell victim to a simulated phishing attempt by CISA Assessment teams. Barrel phishing and other forms of phishing are often used to steal login credentials to allow unauthorized access. The Ponemon Institute found that 54% of security incidents were caused by credential theft. Credential theft is serious in all industries, but in 81% of FTSE 100 companies, at least one credential is compromised and exposed on the dark web. 

The CISA and the FBI regularly urge companies to provide security awareness training to prevent phishing attacks such as Barrel phishing.

How Does Barrel Phishing Work?

Phishing is a tactic that works by building trusted relationships with the victim; Barrel phishing is an innovation in this relationship-building exercise. The uniqueness of Barrel phishing is that the victim is targeted with more than one (usually two) email to establish trust and execute the phish. Trust is a core value in both the real world and digital interactions, so focusing on building this trust by scammers is a shrewd move. When a Barrel phishing scam is developed, the fraudsters will use an initial 'bait' email to establish a relationship with the target. This technique relies on developing this trusted connection with the victim, which is then followed by a malicious 'sting in the tail', which is used to execute data theft.

Like many sophisticated cyber-attacks, Barrel phishing works by conducting a series of steps to manipulate the victim, this time with the goal of data theft:

Email one - the bait: the initial Barrel phishing email is carefully constructed to reflect a brand or company known to the victim, for example, their own or a vendor's IT department. This email will not contain malicious content and will typically be lighthearted to engage the recipient. This bait email will be constructed to initiate a reaction when the second 'sting' email arrives.

Email two- the sting: the second email sent to the recipient is the sting in the Barrel phishing email attack. Using reference to the first email, this second email will continue to engage the recipient, perhaps apologizing for "forgetting to include an important link in the first email" or creating a sense of urgency. This second email will contain a malicious link or an infected attachment. This exercise aims to continue the relationship building and engage the target to make them comfortable enough to hand over personal data or other sensitive information.

Tell-tale Signs of Barrel Phishing

Barrel phishing email attacks are typified by this double-email attack that uses a first engaging email followed by a second email that contains a link to a website or a request for data. This type of dual-email scam is an important way to recognize a Barrel phishing attack. Other things to look out for include poor spelling and grammar, look for simple typos and grammatical mistakes; However, AI-enabled chatbots like ChatGPT may be helping cybercriminals avoid these tell-tale signs. In the second email, look for Emotive content. Is the email pushy, or does it have a sense of urgency?

Barrel Phishing vs. Spear Phishing

Both Barrel and spear phishing engage and manipulate victims to hand over login credentials and other data to carry out further cyber-attacks. These attacks include Business Email Compromise, unauthorized access, and ransomware infection. However, whereas spear phishing will target a specific individual using a single email, Barrel phishing uses the two-email approach to build trust and execute the attack.

Book a free demo of SafeTitan to see how phishing simulations can train employees to recognize and prevent dangerous phishing attacks.

Book Free Demo

How to Prevent Barrel Phishing

Barrel phishing attacks use evasion techniques to avoid detection by traditional email security tools and employees. Make sure that your organization is ahead of the scammers by using a human-centric and layered approach to tackling Barrel phishing attacks:

Behavior-driven Security Awareness Training

Barrel phishing scammers use manipulation of behaviors such as trust to build relationships and trick employees: Cisco reported that 90% of data breaches result from phishing emails. In 86% of organizations, at least one person will click on a phishing link. Because Barrel phishing manipulates employees, a company must employ security awareness training to educate staff on security matters. 

Security awareness training is used to create a deep-rooted security culture ensuring that employees know what to look out for when using email, including the clever tactics used by scammers. However, the training must be a behavior-driven education. Security packages should be based on behavior change as a central pillar of educating users and use cyberpsychology to tackle risky behavior and help create positive security behavior.

Security awareness training must be human-centric and role-based to tailor the content to the student. For example, a company that uses behavior-driven security awareness training can ensure that the complex and sophisticated tricks used in Barrel phishing are more likely to be caught.

Phishing Simulations

Coveware found that phishing is the most common method to deliver ransomware; Q3 2022 shows a surge in phishing use for ransomware infections. Barrel phishing is successful because it uses human behavior and trust to execute a cyber-attack. This misuse of trust and the double-email ruse makes spotting Barrel emails difficult but possible. Advanced phishing simulation exercises help an organization train employees to stay vigilant when using email and spot the tell-tale signs of this sophisticated double email ploy.

Phishing simulations are important because they use intensive education to teach employees what a phishing message looks like, how subtle it can be, and how to stop and think before clicking a link or opening an attachment. Phishing simulators provide ongoing metrics that demonstrate the effectiveness of the training. They offer insights into how well employees respond to specific phishing tests. The metrics can be used to tailor spoof emails to address trouble areas that challenge employees. In the case of Barrel phishing, simulated phishing exercises can focus on the behavior manipulation at the center of this cyber-attack. 

As regular phishing simulations are performed, employees will become more adept at recognizing the signs of Barrel phishing.

Phishing Protection Solutions

Advanced phishing protection solutions help to prevent phishing messages from entering inboxes. For example, PhishTitan delivers AI-enabled protection that stops even yet unknown threats from entering inboxes. For instance, PhishTitan would prevent the malicious second email from landing in an employee's inbox. Advanced phishing protection tools, such as PhishTitan, have DNS filtering embedded in order to stop employees from entering a malicious website if linked during a Barrel phishing attack.

Robust Authentication Measures

Robust multi-factor authentication (MFA) is another layer of protection against Barrel phishing. Strong MFA must be backed up by password hygiene education as part of the security awareness training package. However, MFA is now being circumvented by cybercriminals, so it should not be relied upon as the only protection against phishing; researchers have recently identified toolkits for sale on the dark web that bypass two-factor authentication.

Phishing is an evolving threat, and Barrel phishing is part of this evolution. Therefore, one of the best ways an organization can prepare for this human-centric threat is to educate employees on how to detect and protect against this manipulative phishing attack.

To train your staff to spot the tell-tale signs of the dual email signature of a Barrel Phishing attack, check out TitanHQ’s demo of SafeTitan security awareness training.

Book a free demo of SafeTitan to train users how to spot tell-tale signs of a barrel phishing attack.

Book Free Demo

Talk to Our Email and DNS Security Team

Call us on US +1 813 304 2544

Contact Us