Rick Richardson's Views On Technology
  • Home
  • Blog

Beware of This New Sneaky Phishing Technique

1/26/2020

0 Comments

 
Picture
There's been a significant rise in cybercriminals using a particular phishing technique to trick workers into unwittingly installing malware, transferring money, or handing over their login credentials.

In conversation-hijacking attacks, hackers infiltrate real business email threads by exploiting previously compromised credentials –perhaps purchased on dark web forums, stolen or accessed via brute force attacks – before inserting themselves into the conversation in the guise of one of the group.

"Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves," Olesia Klevchuk, senior product manager for email security at Barracuda Networks, said.

The idea is that by using a real identity and by mimicking the language that a person uses, the phishing attack will be viewed as coming from a trusted colleague and is thus much more likely to be successful.

Cybercriminals are leaning hard on this attack technique as a means of compromising businesses, according to new research from Barracuda Networks. Analysis of 500,000 emails showed that conversation hijacking rose by over 400% between July and November last year.

While conversation-hijacking attacks are still relatively rare, the personal nature means they're difficult to detect, are effective, and potentially very costly to organizations that fall victim to campaigns.

For cybercriminals conducting conversation-hijacking attacks, the effort involved is much greater than merely spamming out phishing emails in the hope that a target clicks, but a successful attack can potentially be highly rewarding.

In most cases, the attackers won't directly use the compromised account to send the malicious phishing message – because the user could notice that their outbox contains an email that they didn't send.

However, what conversation hijackers do instead is attempt to impersonate domains, using techniques like typo-squatting – when a URL is the same as the target company, save for one or two slightly altered changes.

But by using a real name and a real email thread, the attackers are hoping that the intended target won't notice the domain is slightly different and that they'll follow the request that's coming from their supposed contact, perhaps a colleague, customer, partner or vendor.

In some cases, it's been known for conversation hijackers to communicate with their intended victims for weeks to ensure that trust is built up.

At some point, the attacker will make their move and try to trick the victim into transferring money, sensitive information, or potentially installing malware.

"These attacks are highly personalized, including the content, and therefore a lot more effective. They have the potential of a huge payout, especially when organizations are preparing to make a large payment, purchase, or an acquisition," said Klevchuk.

"There is a great chance that someone will fall for a conversation-hijacking attack over a more traditional type of phishing," she added.

However, while conversation-hijacking attacks are more sophisticated than regular phishing attacks, they're not impossible to spot. Users should pay attention to the email address a message is coming from and be suspicious if the domain is slightly different compared to what they're used to seeing.

Users should also be wary of sudden demands for payments or transfers and, if there's doubt about the origin of the request, they should contact the person requesting it, either in person, by phone, or by starting a new email to their known address.
​
Organizations can also protect their employees from these attacks by implementing two-factor authentication, because by adding this extra layer, even if login credentials are stolen, attackers can't use them to conduct further attacks.
0 Comments



Leave a Reply.

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.

    Picture
    Picture
    Picture
    Picture
    Picture

    Archives

    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015

    Categories

    All
    Artificial Intelligence
    Audit
    Back Up
    Back-Up
    Blockchain
    Climate
    Cloud
    Collaboration
    Communication
    Coronavirus
    COVID 19
    COVID-19
    Digital Assistant
    Display
    Drone
    Edge Computing
    Education
    Enterprise
    Hardware
    Home Automation
    Internet Of Things
    Law
    Medicine
    Metaverse
    Mobile
    Mobile Payments
    Open Source
    Personalization
    Power
    Privacy
    Quantum Computing
    Remote Work
    Retail
    Robotics
    Security
    Software
    Taxes
    Transportation
    Wearables
    Wi Fi
    Wi-Fi

    RSS Feed

    View my profile on LinkedIn
Powered by Create your own unique website with customizable templates.