All About Conversation Hijacking
One of the biggest yet age-old perils of technology is the theft of user data and internet scams. Phishing techniques are neither new nor uncommon. However, new and improved technology brings with it the challenges of even more advanced phishing techniques, making it harder for security companies to navigate privacy-related concerns. One such technique which has been particularly challenging is the conversation hijacking attacks, where cybercriminals trick workers into installing malware, transferring money or handing over their login credentials. Hackers do this by infiltrating business email threads using credentials and information which they stole or purchased on dark web forums and posing as one of them group members. Then, they spend time reading through the conversations, researching their victims, and looking for any deals or valuable conversations that they can further infiltrate. The attacks have been particularly effective because the hackers have been able to gain their targets’ trust by stealing a real identity instead of creating a fake one. This technique has been so successful that even though conversation hijacking still remains rare, new research based on 500,000 emails reveals that they have increased by an astonishing 400% from July to November of last year. (source: Barracuda Networks)
The challenge becomes harder to overcome when we look at not just the overall damage done to companies, but also the fact that these attacks are designed in a way that makes them impossible to detect. Attackers impersonate domains by using techniques like typo-squatting (when the URL used is the same as the target company barring one or two changes), instead of using the compromised account to send a malicious phishing message. This allows them to get access to any information they need since the target is likely going to fail to notice the slight changes in the URL. They assume that the email is from their contact, a trusted person, and not an attacker. What follows is simple: once their trust has been earned, and the hijackers are certain that their target does not have any suspicions, they ask for a transfer or payment. It is likely that the target will oblige since they assume that the request comes from a colleague, customer, partner or vendor, and not a hijacker.
What is perhaps remarkable about the conversation hijacking technique is the amount of time that hackers are willing to invest in order to make the hacking more seamless, by communicating with their intended target for several weeks. Olesia Klevchuk, senior product manager for email security at Barracuda Network, credits this to the personalized nature of these attacks which makes the targets fall more easily for these conversation-hijacking attacks over traditional phishing.
“They have the potential of a very large payoff, especially when organizations are preparing to make a large payment, purchase or an acquisition,” she concludes.
However, does this necessitate panic? Fortunately, no. Even though these attacks are difficult to spot, it is not impossible; all it takes is a little vigilance from users to safeguard their data. With careful attention to details like domain URL, and the sender of the email, they will be able to notice minute changes which will prevent them from falling for these attacks. Furthermore, sudden requests for payments and transfers should be cross-checked with the person requesting it over a phone call or in person. Features like two-factor authentication come in handy during these situations, and stolen credentials will be rendered unusable, and organizations should encourage their employees to implement it.
Often, security works best when you have a partner looking out for you. With over 20 years of experience in the online security niche, we have refined and polished our offerings by going through countless test cases. With our DMARC tool, you can perform a quick check on your domain status and eliminate the risk of your domain being misused. Our email security tools can filter out several types of potential threats including BEC attacks, fraudulent emails and suspicious attachments. With several layers of security protecting all vulnerable points of entry, you can rest easy!