Conversation hijacking is a type of targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts or other sources.
Conversation hijacking is typically, but not always, part of an account-takeover attack. Attackers use phishing attacks to steal login credentials and compromise business accounts. They then spend time reading through emails and monitoring the compromised account to understand business operations and to learn about deals in progress, payment procedures, and other details.
Criminals leverage this information including internal and external conversations between employees, partners, and customers, to craft authentic-looking and convincing messages, send them from impersonated domains, and trick victims into wiring money or updating payment information.
Cybercriminals invest a lot of time, effort, and money to register an impersonating domain and hijack a conversation. Using domain impersonation allows attackers take the conversation outside the organization. This allows them to proceed with the attacks even if the accounts that were previously taken over have been secured and remediated.
These attacks are highly personalized, well researched making them effective, hard to detect and costly. Because of this conversation hijacking has been growing over time.
First make sure that conversation hijacking is part of your security awareness training. Ensuring your employees can recognize these attacks will do a lot to help protect your organization against them.
Second, recognize that most conversation hijacking starts with an account takeover. To ensure that scammers are not using your organization to launch these attacks, deploy account takeover protection along with multi-factor authentication as an additional layer of security.
Third, as scammers adapt their tactics to bypass gateways and filters it’s important for organizations to deploy technology that uses artificial intelligence to detect highly targeted attacks like conversation hijacking.
And finally, help employees to avoid costly mistakes by creating guidelines and enforcing procedures to confirm all email requests and wire transfers.
How Barracuda can help
Barracuda Sentinel protects against business email compromise, account takeover, spear phishing, and other cyber fraud. It combines artificial intelligence, deep integration with Microsoft Office 365, and brand protection into a comprehensive cloud-based solution.
Sentinel’s unique API-based architecture lets the AI engine study historical email and learn users’ unique communication patterns. It blocks phishing attacks that harvest credentials and lead to account takeover, and enables real-time remediation.
Barracuda PhishLine is an email security awareness and phishing simulation solution designed to protect your organization against targeted phishing attacks. PhishLine trains employees to understand the latest social engineering phishing techniques, recognize subtle phishing clues, and prevent email fraud, data loss, and brand damage. PhishLine transforms employees from a potential email security risk to a powerful line of defense against damaging phishing attacks.