Report: Rise Of “Conversation-Hijacking” Phishing Attacks Threatens Businesses

Because the technique involves impersonating a trusted employee, the hacking method has the potential to be unusually effective.

  • By Haley Samsel
  • Jan 17, 2020

There has been a significant increase in the number of hackers implementing “conversation-hijacking” attacks to trick employees into installing malware, transferring money or disclosing their passwords, according to a new report from Barracuda Networks.

The phishing technique involves a hacker infiltrating real email threads between company employees by taking over accounts with previously stolen login credentials, perhaps bought through the dark web, according to ZDNet. After getting into the email account, attackers will impersonate the worker and attempt to extract information from their colleagues.

In an analysis of 500,000 emails, Barracuda found that conversation hijacking increased by over 400 percent between July and November 2019. The attacks are still relatively rare compared to traditional phishing attacks, which typically involve emails asking employees to click a link that installs malware on their devices and allows the attacker to gain access to a network.

But cybersecurity experts are concerned about the attacks because of how effective the technique could potentially be on gaining access to financial accounts or other sensitive information. Hackers will spend time on reading through conversations, researching victims and impersonating the way they write, according to Olesia Klevchuk, senior product manager for email security at Barracuda.

“These attacks are highly personalized, including the content, and therefore a lot more effective,” Klevchuk told ZDNet. “They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or an acquisition.”

Workers are more likely to believe the impersonation than an email from a random address asking them to click a link, according to Klevchuk. But the attacks are also not impossible to spot.

Attackers usually don’t use the actual compromised account to send the phishing message because the actual user can see if an email has been sent from their account. Instead, the hacker will try to impersonate the employee’s email domain with a technique called “typo squatting” that changes one or two characters to trick recipients into thinking the email is the real deal.

This makes it crucial for recipients to check the email address and domain if they are suspicious that their colleague did not send an email demanding account information or payment. In addition, employees should reach out directly to the employee through another contact method -- in person, by phone or through another email -- to check if they sent the email, according to ZDNet.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

Most   Popular

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.