Your employees probably know not to open unexpected file attachments or click on random links, but what if an attachment arrives as part of an email conversation with trusted colleagues?
Sophisticated hackers are using a technique known as “conversation hijacking” to insert themselves into business operations, gain insight into sensitive details, and exploit the information for financial gain. What should you know about this insidious form of cyberattack on businesses?
New research indicates that the incidence of conversation hijacking increased by more than 400 percent in the second half of 2019 alone.
In a conversation hijacking attack, a hacker uses various methods for gaining access to business credentials — for instance, an email login. By using the phished information, the hacker then may join an existing email conversation by posing as someone already involved in the conversation.
Conversation hijacking attacks are mounted by hackers willing to invest significant time to gain access to sensitive information. The hacker may read through numerous emails and conduct research online to learn about business deals in progress or other potentially valuable information.
By gaining the trust of other people in the email thread, the hacker then can use a variety of techniques for gaining access to banking information and financial assets.
Conversation hijacking can take a number of different forms, with information coming from a range of different sources. Hackers may compromise email accounts through phishing or data breaches and use the stolen account information to stage account-takeover attacks.
A hacker then may spend time monitoring an email account — including ongoing message threads — to gain information about sensitive business details or financial arrangements. An attack may involve a hacker creating a fake domain similar to the real domains used by a company. In the case of domain impersonation, the goal is to create a domain similar enough to the real domain that unsuspecting employees click or download files without realizing the error.
Hackers also may impersonate the domain of a client, vendor or business partner to gain the trust of employees for the ultimate purpose of accessing financial accounts and information.
Conversation hijacking can be more difficult to detect than other types of hacking, but you can take steps to protect your business, your employees and your clients and partners.
The most important step you can take is ensuring that your team members understand how conversation hijacking attacks work. They should always use caution when downloading files or clicking on links and take time to ensure that all information — including domain names — matches their expectations.
In addition, any requests for financial information or immediate payment should raise red flags and should be reported to your company’s accounting department. If an employee doubts the authenticity of an email, they can contact the sender by phone or by starting a new email thread with an email address known to be accurate. Employees also should report to your IT team any email conversations or other incidents that seem suspicious.
Additional security measures — including robust email filtering and inbox rules — also can help, and restricting macros within documents can limit the means for hackers to gain access to account information. Multi-factor authentication also can provide extra protection against sophisticated conversation hijacking attacks.
I have known Tim for many years and have worked with him on many projects. Tim is a consummate professional whom I would happily and confidently recommend to anyone in need of his services.