Report: Rise Of “Conversation-Hijacking” Phishing Attacks Threatens Businesses

Because the technique involves impersonating a trusted employee, the hacking method has the potential to be unusually effective.

  • By Haley Samsel
  • Jan 17, 2020

There has been a significant increase in the number of hackers implementing “conversation-hijacking” attacks to trick employees into installing malware, transferring money or disclosing their passwords, according to a new report from Barracuda Networks.

The phishing technique involves a hacker infiltrating real email threads between company employees by taking over accounts with previously stolen login credentials, perhaps bought through the dark web, according to ZDNet. After getting into the email account, attackers will impersonate the worker and attempt to extract information from their colleagues.

In an analysis of 500,000 emails, Barracuda found that conversation hijacking increased by over 400 percent between July and November 2019. The attacks are still relatively rare compared to traditional phishing attacks, which typically involve emails asking employees to click a link that installs malware on their devices and allows the attacker to gain access to a network.

But cybersecurity experts are concerned about the attacks because of how effective the technique could potentially be on gaining access to financial accounts or other sensitive information. Hackers will spend time on reading through conversations, researching victims and impersonating the way they write, according to Olesia Klevchuk, senior product manager for email security at Barracuda.

“These attacks are highly personalized, including the content, and therefore a lot more effective,” Klevchuk told ZDNet. “They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or an acquisition.”

Workers are more likely to believe the impersonation than an email from a random address asking them to click a link, according to Klevchuk. But the attacks are also not impossible to spot.

Attackers usually don’t use the actual compromised account to send the phishing message because the actual user can see if an email has been sent from their account. Instead, the hacker will try to impersonate the employee’s email domain with a technique called “typo squatting” that changes one or two characters to trick recipients into thinking the email is the real deal.

This makes it crucial for recipients to check the email address and domain if they are suspicious that their colleague did not send an email demanding account information or payment. In addition, employees should reach out directly to the employee through another contact method -- in person, by phone or through another email -- to check if they sent the email, according to ZDNet.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

  • Live from GSX 2024: Day 3 Recap

    And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now

    • Industry Events
    • GSX

  • Bringing New Goods to Market

    The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 2 Recap

    Day 2 was another winner at GSX 2024 in Orlando. Aisles and booths were packed with attendees looking at some of the new and latest security technology. Remember to follow the GSX Live page from Security Today, as well as SecurToday on X and Security Today on LinkedIn to find out more about what’s happening on the show floor during tomorrow’s final day. Here’s what was happening with all four of our partners during the event on Tuesday. Read Now

    • Industry Events
    • GSX
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3