Conversation Hijacking

Parker Byrd

Well, here we go once again. A new, sneaky phishing technique is definitely on the rise: conversation hijacking. These vicious attacks try to trick someone into unknowingly transferring money, installing malware, or providing the attacker with valuable login credentials.

The attack plan is plain and simple. The attacker wants to obtain real business email threads and afterward infiltrate them under the guise of someone that is known within the victim's group. They do this by stealing or purchasing compromised credentials from either the dark web or from previous brute force attacks. After they have gained access to an account, the attacker will spend whatever time it takes to get to know their victims. They do this by reading through all of their email conversations.

They deceive the victim by learning how to mimic the language that the victim normally uses when emailing. This conversation or offer deception is often viewed as coming from a trusted friend, company, or colleague. Cybercriminals truly believe that they have discovered a non-exhaustible cyber gold mine. In fact, a recent report stated that in only 3 months, from July to November, conversation hijacking had increased by an astounding 400%.

True, conversation hijacking attacks are still not very common but it is important to note that they are extremely difficult to detect, they are effective, and they have the potential of costing an organization or an individual a lot of money and heartache. There is a tremendous amount of work involved in a cyber conversation hijacking attack. However, since the rewards are so high, it is now becoming a major concern.

Victims need to be aware that the attacker typically will not send messages directly from a compromised account. They realize that the account owner would easily notice an email that they did not send themselves. The way that they get around this is by attempting to impersonate domains.

It is similar to typo-squatting, where a fictitious URL is almost the same as a target company's legitimate URL. However, the fictitious URL has a few slight alterations. The victim may not notice these slight changes and therefore believes that the email is legitimate. Perhaps it was sent from a partner, friend, vendor, or colleague.
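One way to catch the lookalike sender domains described above, as an added example that is not part of the original post: it compares the domain in a From: header against the domains you actually correspond with. The domain list, confusable-character table, and distance threshold are constructed assumptions to tune for your own mail flow.

```python
from email.utils import parseaddr

# Constructed sample data: domains this organization really corresponds with.
TRUSTED = {"example.com", "acme-supplies.example"}
# Character swaps that look alike in most mail clients, folded to one form.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Fold confusable sequences so 'examp1e' and 'example' compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Edit distance where an adjacent swap ('exmaple') counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(from_header, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched_trusted_domain) for a From: header value."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    for known in sorted(trusted):  # sorted for a deterministic match
        if (skeleton(domain) == skeleton(known)
                or edit_distance(domain, known) <= max_distance):
            return ("lookalike", known)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From: headers, one per case.
    for hdr in ["Pat <pat@example.com>", "Pat <pat@examp1e.com>",
                "billing@acrne-supplies.example", "news@unrelated.org"]:
        print(hdr, "->", classify(hdr))
```

A "lookalike" verdict on a message that joins an existing thread is a good reason to confirm the request with the sender through a channel other than email.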

The attacks are effective because they are highly personalized. The payouts can be enormous. This will be especially true when dealing with a large acquisition or payment. This new type of sneaky phishing technique is more sophisticated than the old standard phishing attacks. The good news, however, is that they are not completely impossible to detect.

Nevertheless, individuals and organizations should go on the offensive and contact a reputable cybersecurity company for assistance. A cybersecurity company will be able to provide you, your employees, and your organization with extensive training on how to prevent or manage a cyber attack.

Obviously, since there has been a 400% increase with this new, successful phishing technique, the number of victims of this attack will continue to rise. As the world becomes more reliant on online activities, cybersecurity becomes a necessity for both individuals and businesses. Cybercrime continues to evolve as cybercriminals develop more sophisticated methods of attack. Are you protected?

If you need any assistance with cybersecurity, contact Hook Security today.
