UK organisations’ email accounts used in mass phishing campaigns

Print Friendly, PDF & Email

In recent months we have seen a significant rise in email account takeover attacks taking place in the UK.

Email account takeover may not be an attack that is regularly featured in media headlines, but it can be devastating for its victims and very hard to spot.

Barracuda Sentinel has been detecting a large number of phishing campaigns that use legitimate compromised accounts in the UK.Click To Tweet

How the attack works

Account takeover attacks involve criminals stealing the login credentials of an employee of an organization, remotely logging in to their account and launching attacks pretending to be them.

The attacks they launch are most commonly phishing campaigns that will often go undetected by security solutions as they appear to be genuine emails. 

Over the last few weeks, we have specifically been seeing a large number of mass phishing campaigns that use legitimate compromised accounts from UK based organizations. 

In this post, we survey some anonymized examples of these attacks.

Example 1: Attackers leverage major UK university's reputation to send phishing attacks that bypass email gateways

In this example, the attackers managed to gain entry into a faculty member of a major UK university’s email account. They used it to send a phishing email to a US-based company with an email claiming that their email account had been deactivated, in order to steal the target's credentials. This email bypassed the email system defenses because the attack was coming from a legitimate, high reputation sender.
Example 2: UK online retailer compromised, used to impersonate Office 365 90 times

In this example, the attacker compromised the email account of a manager at a UK based retailer to send phishing emails to 90 different targets. In these phishing emails, the attacker impersonates Office 365 and tries to get the recipient to sign in to read supposed unread emails.
Example 3: UK-based IT provider email account used to impersonate an employee

In this example, the attackers compromised an email account of a reputable UK-based IT provider. They then used that account to send an email impersonating an employee from the target's company, trying to get them to click on a link. Notice in this example that they fake an email thread, to try to get the employee to believe the email is legitimate. The link itself leads to a compromised website that tries to download malware to the target's device.

Multi-factor authentication (MFA) is imperative to stop these account takeover attacks. Click To Tweet

What can you do to protect yourself?

  • Crucially, traditional email security filters cannot detect and prevent account takeover, because they do not monitor and stop malicious internal communication. Barracuda Sentinel is the industry's first solution that can automatically prevent, detect and remediate account takeover using artificial intelligence. Its unique API-based architecture allows Barracuda Sentinel to monitor and stop malicious internal communication.
  • Another essential aspect of protecting yourself against account takeover and other sophisticated email-borne attacks is training and awareness. Barracuda PhishLine provides continuous simulation and training to help employees understand the latest attack techniques and recognize subtle clues.
  • It may sound basic, but using strong passwords (ideally with a password manager) and is a great way to decrease the probability of email accounts getting compromised. Good passwords are long, unpredictable and complex, using a combination of uppercase letters, lower case letters, numbers, and special characters.
  • Multi-factor authentication (MFA), where two forms of authentication are needed to log in to an account is imperative to stop these kinds of attacks taking place. MFA means that even if a user's login credentials are stolen, without the trusted device, an attacker cannot access the account, and if a user's device is taken, the attacker cannot access the account without the login credentials.



Stop impersonation and email account takeover with Barracuda Sentinel.

Scroll to top