A new tactic being adopted by phishing attackers where two connecting emails are being sent in close proximity to each other is being seen increasingly in business.
The emails are being deployed in pairs to lure recipients into believing they are genuine. By familiarising with the victim before the actual weapon is used the recipient is lured into sense of security and familiarity.
The initial email would introduce the recipient to the sender and contain no attachment or threat, the email would explain an attachment or link is to follow. For example,
Great to meet you at XXX last week. Following our conversation I’ve got an article you may find really helpful for your project. I’ll send it over shorty”
Although vague, the content of the email could be applicable to many workers. The content can also be very easily adapted to different industries/targets. By familiarising themselves with the victim and also setting them up to expect a following email containing an attachment the attacker has instantly increased their chances for a successful opening and in hand a successful phishing attack. The following email would contain the malicious link or attachment.
It’s reported that 60% of all office workers receive phishing emails on a daily basis. 6% of these receive 10 or more per day.