---
title: "The Lateral Phishing Attack is the New Trojan Horse | DuoCircle"
description: "What is a lateral phishing attack? A lateral phishing attack occurs when “one or more compromised employee accounts in an organization are used to target o."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/phishing-protection/the-lateral-phishing-attack-is-the-new-trojan-horse/"
---

Quick Answer

Lateral phishing happens when an already-compromised employee account inside an organization sends phishing emails to other employees in the same organization. Because the message comes from a real internal sender, it bypasses the trust signals users rely on. Barracuda research with UC Berkeley and UC San Diego found 1 in 7 organizations experienced lateral phishing over a seven-month window, that 11 percent of these campaigns successfully compromised additional accounts, and that 42 percent of attempts went unreported by employees who spotted them. Awareness training peaks at about 98 percent effectiveness, meaning a single trained employee in 50 still falls for a campaign. The first compromised account is the trojan horse; the only durable defense is keeping the original phishing email out of the inbox with cloud email security and real-time link scanning.


![Lateral Phishing Attack](https://media.mailhop.org/duocircle/images/2019/08/email-smtp-service-3492.jpg) 

**What is a lateral phishing attack?** A [lateral phishing](https://www.oodaloop.com/briefs/2019/08/15/lateral-phishing-attacks-a-growing-threat-to-the-enterprise/) attack occurs when “one or more compromised employee accounts in an organization are used to target other employees in the same organization. _Lateral phishing is similar to business email compromise_ (BEC), but while the latter is usually about getting victims to carry out fraudulent wire transfers, the main goal of the former is usually credential theft.” I suppose it means the attack occurs laterally across the org chart.

_Lateral phishing attacks are generally effective because it’s easy for the hackers to convince the target the email is legitimate_. After all, it’s coming from someone inside the company.

[![Report](https://media.mailhop.org/duocircle/images/2019/08/dmarc-report-3698.jpg)](https://media.mailhop.org/duocircle/images/2019/08/dmarc-report-3698.jpg)

How big of a problem is this? A new [report](https://blog.barracuda.com/2019/07/18/threat-spotlight-lateral-phishing/) by Barracuda, in conjunction with researchers at UC Berkeley and UC San Diego, “found that 1 in 7 organizations experienced lateral **phishing attacks** over the past seven months.” In the past seven months!

The lateral phishing attack is the new [Trojan horse](https://en.m.wikipedia.org/wiki/Trojan%5FHorse). The **Trojan horse** is the story of how the Greeks snuck soldiers into the city of Troy inside a giant wooden horse. Ultimately, the soldiers in the horse opened the gates of the city to let the rest of the Greek army in. The Greeks entered and destroyed the city of Troy, ending the war.

_The first employee at a company to get phished is the Trojan Horse_. They’re the one that lets all the other **phishing emails** in. The way you keep them all out is to keep the first one out, keep the Trojan horse out.

An [article](https://www.bleepingcomputer.com/news/security/lateral-phishing-attacks-a-growing-threat-to-the-enterprise/) on Bleeping Computer discussed the report. “While studying **180 lateral phishing attacks**, the researchers determined that 11% of the attacks were successful in compromising other victims in the same organization. Furthermore, of these attacks, 42% were not reported to the organization’s IT department or security team, which may have allowed the accounts to be used for multiple attacks.”

Lateral attacks are a great example of why **security awareness training** is ineffective. We know from [research](/phishing-protection/now-we-know-why-you-cant-depend-on-awareness-training-to-stop-phishing-attacks/#more-13863) that _the best awareness training is only 98% effective_. That means if 50 employees at an organization receive a phishing email, at least one of them is getting phished. And with lateral phishing, they didn’t just get phished, they let in the Trojan horse.

[![email security services](https://media.mailhop.org/duocircle/images/2019/08/DMARC-report-service-4698.jpg)](https://media.mailhop.org/duocircle/images/2019/08/DMARC-report-service-4698.jpg)

If you want to protect your organization from lateral phishing attacks, from today’s Trojan horse, you’re going to need more than awareness training. You’re going to need [email security with real-time link click protection](/email/phishing-protection). You’re going to need DuoCircle. Our [email security services](/) block malicious websites and protect against ransomware. And you can try them risk-free for 30 days.

Keeping the new Trojan horse out of your organization is job #1 today.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

