Double Barrel Phishing

Last updated on April 17, 2022

An Introduction to Double Barrel Phishing

Phishing is not new by any means: it has been in use since the mid-1990s. According to the FBI, there were 11 times more phishing complaints in 2020 than in 2016. Cybercriminals keep perfecting their craft, which is how double barrel phishing came to be, and that is what we will discuss today!

What Is Double Barrel Phishing?

Double barrel phishing is a phishing tactic that uses two or more emails to establish trust and authenticity, so the victim is less likely to doubt or question the attacker. Phishing refers to a type of cybercrime where deception is used to steal sensitive information from people and organizations.

Essentially, people are tricked into accessing a malicious attachment or providing personal or confidential information because the source of the request looks legitimate. Once the attacker gets the information they need, they will use that to impersonate their victims to apply for loans or credit cards, open bank accounts, and commit other kinds of fraud.

Example of Phishing Email


First Email

The first email is the bait, so it’s a benign email. It doesn’t contain links or attachments and it demands nothing from the target, not even a response. Attackers are known to impersonate people the target already knows using a similar signature or email address, to make it seem more legitimate. It will look very similar to this example:

“Hey, are you still in the office? I need a favor.”

Second Email

The second email is less innocent but it builds on the credible scenario set up by the first email. It’s a follow-up and it will contain malicious attachments or require some kind of action that will initiate the attack. For example:

“Hi again. I just need you to review this report ASAP. Thanks!”

Why Is Double Barrel Phishing So Dangerous?

This kind of attack is dangerous because it’s quite effective. The combination of context, emotional triggers, and content makes it very successful. There’s always some kind of urgency involved, and the targets believe the sender is someone they already trust, so they are less likely to suspect anything. Once the attacker gains access, the target’s personal information will be compromised, which can lead to serious issues for both the target and the company.

How to Prevent a Phishing Attack

Know the Signs

Learning how to spot phishing emails is key. That’s why education and awareness are so important! Make sure employees are properly trained and understand what they need to do if they suspect an attack.

Use Smarter Email Security

Cybercriminals are adaptive, so they can get past most email security features. However, if you double down and use smarter email security, it will be very difficult for their emails to even reach you. Tools such as Egress Defend are very useful because they analyze the content and context of emails to identify phishing threats.
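
One way to look for the two-email pattern described above in a mailbox, as an added example (not code from this article or from any product it mentions): it pairs a message with no links or attachments from a lookalike sender with a later message from the same sender that does carry one. The contact directory, the 24-hour window, the addresses and the sample messages are all assumptions constructed for illustration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumption: directory of known contacts, display name -> genuine address.
KNOWN = {"dana reyes": "dana.reyes@example.com"}
WINDOW = timedelta(hours=24)  # assumed maximum gap between bait and follow-up
URL_RE = re.compile(rb"https?://", re.I)

def features(raw):
    """Reduce one raw message to the fields the pairing rule needs."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    # Payload: any attachment filename, or any URL in a body part.
    payload = any(p.get_filename() or URL_RE.search(p.get_payload(decode=True) or b"")
                  for p in msg.walk())
    return {"from": addr.lower(), "to": parseaddr(msg["To"])[1].lower(),
            "date": parsedate_to_datetime(msg["Date"]), "payload": payload,
            # Known contact's display name on an address that is not theirs.
            "lookalike": KNOWN.get(name.lower(), addr.lower()) != addr.lower()}

def find_double_barrel(raw_messages):
    """Return (sender, bait_date, followup_date) for each bait/follow-up pair."""
    msgs = sorted(map(features, raw_messages), key=lambda m: m["date"])
    hits = []
    for i, bait in enumerate(msgs):
        if bait["payload"] or not bait["lookalike"]:
            continue  # a bait has no links or attachments and a borrowed name
        for nxt in msgs[i + 1:]:
            same_pair = (nxt["from"], nxt["to"]) == (bait["from"], bait["to"])
            if same_pair and nxt["payload"] and nxt["date"] - bait["date"] <= WINDOW:
                hits.append((bait["from"], bait["date"], nxt["date"]))
                break
    return hits

def sample_msg(sender, date, body, extra=""):  # builds one constructed message
    return (f"From: {sender}\nTo: sam@example.com\nDate: {date}\n{extra}"
            f"Content-Type: text/plain\n\n{body}\n")

FAKE = '"Dana Reyes" <dana.reyes@example-mail.test>'  # constructed lookalike
SAMPLE = [  # constructed messages, not real traffic
    sample_msg(FAKE, "Mon, 04 Apr 2022 16:02:00 +0000", "Hey, are you still in the office?"),
    sample_msg(FAKE, "Mon, 04 Apr 2022 16:40:00 +0000", "Please review this report ASAP.",
        'Content-Disposition: attachment; filename="report.docx"\n'),
    sample_msg('"Dana Reyes" <dana.reyes@example.com>', "Mon, 04 Apr 2022 17:00:00 +0000",
        "Minutes are at https://intranet.example.com/minutes"),
]
if __name__ == "__main__":
    print(find_double_barrel(SAMPLE))
```

The genuine sender's message with a link is not flagged, because the rule only fires when the earlier, payload-free message came from an address that does not match the known contact.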
