Report: Rise Of “Conversation-Hijacking” Phishing Attacks Threatens Businesses

Because the technique involves impersonating a trusted employee, the hacking method has the potential to be unusually effective.

There has been a significant increase in the number of hackers implementing “conversation-hijacking” attacks to trick employees into installing malware, transferring money or disclosing their passwords, according to a new report from Barracuda Networks.

The phishing technique involves a hacker infiltrating real email threads between company employees by taking over accounts with previously stolen login credentials, perhaps bought through the dark web, according to ZDNet. After getting into the email account, attackers will impersonate the worker and attempt to extract information from their colleagues.

In an analysis of 500,000 emails, Barracuda found that conversation hijacking increased by over 400 percent between July and November 2019. The attacks are still relatively rare compared to traditional phishing attacks, which typically involve emails asking employees to click a link that installs malware on their devices and allows the attacker to gain access to a network.

But cybersecurity experts are concerned about the attacks because of how effective the technique could potentially be on gaining access to financial accounts or other sensitive information. Hackers will spend time on reading through conversations, researching victims and impersonating the way they write, according to Olesia Klevchuk, senior product manager for email security at Barracuda.

“These attacks are highly personalized, including the content, and therefore a lot more effective,” Klevchuk told ZDNet. “They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or an acquisition.”

Workers are more likely to believe the impersonation than an email from a random address asking them to click a link, according to Klevchuk. But the attacks are also not impossible to spot.

Attackers usually don’t use the actual compromised account to send the phishing message because the actual user can see if an email has been sent from their account. Instead, the hacker will try to impersonate the employee’s email domain with a technique called “typo squatting” that changes one or two characters to trick recipients into thinking the email is the real deal.

This makes it crucial for recipients to check the email address and domain if they are suspicious that their colleague did not send an email demanding account information or payment. In addition, employees should reach out directly to the employee through another contact method -- in person, by phone or through another email -- to check if they sent the email, according to ZDNet.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • New Uses for AI

    New applications of AI in IP cameras are delivering precise detection, robust search capabilities, elevated data analysis and enhanced image quality. When combined with built-in analytics, AI can help streamline forensic investigations and also supports several mission-critical business functions. Read Now

  • The Critical Missing Piece

    As technology advances, security programs have invested heavily in advanced systems and sensors. These sensors generate massive amounts of data, often overwhelming the security teams tasked with monitoring them. AI technology promises to sift through this data, using logic and reasoning to differentiate potential threats from non-threats. Read Now

  • Computers Beginning to Come Back Online After CrowdStrike Caused Crash Friday

    Computers around the world are beginning to come back online after a defective update to Windows machines from cybersecurity provider CrowdStrike Friday affected almost 9 million machines. Read Now

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3