Cybercriminals are using a new phishing technique to trick unsuspecting victims, ZDNet reports.
The technique, known as conversation-hijacking, is when hackers use compromised credentials to infiltrate real business email threads.
In a statement, Don Maclennan, SVP for engineering and product at Barracuda Networks, told ZDNet:
“Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves.”
Using conversation-hijacking, malicious actors assume the role of a trusted colleague. So, when the time comes, it’s more likely that a phishing attack will be successful.
Research from Barracuda Networks shows that conversation-hijacking is quickly becoming a favorite technique for cybercriminals. In fact, an analysis of 500,000 emails showed that conversation-hijacking rose by over 400% between July and November last year.
Even worse, the personal nature of these attacks makes them difficult to detect.
“In most cases, the attackers won’t directly use the compromised account to send the malicious phishing message – because the user could notice that their outbox contains an email that they didn’t send.
However, what conversation hijackers do instead is an attempt to impersonate domains, using techniques like typo-squatting – when a URL is the same as the target company, save for one or two slightly altered changes.”
Though conversation-hijacking is more difficult to detect, ZDNet says it's not impossible to spot.
Here are some tips:
- Pay attention to the email address a message is coming from.
- Be suspicious if the domain is slightly different compared to what you’re used to seeing.
- Be wary of sudden demands for payments or transfers.