A New, Harder-to-Detect Phishing Scheme is Infiltrating Your Customers’ Inboxes

Conversation hijacking attacks come from trusted email accounts. So, how can they be stopped?

New research from Barracuda Networks highlights a rapidly growing cyber threat – conversation hijacking. An analysis of 500,000 emails showed that this type of attack rose by more than 400 percent between July and November of 2019. That’s a jump from around 500 attacks to more than 2,000 in just a few months.

Conversation hijacking is a form of phishing that entails cybercriminals inserting themselves into existing business conversations or initiating new conversations based on information they’ve gathered from compromised email accounts or other sources. Because victims recognize the email account, they’re less likely to object to requests asking for personal information or money. Additionally, these campaigns are often well researched, carefully targeted, and highly personalized, which makes them more effective than most generalized phishing attacks.

Compromised Emails and Domain Impersonation Go Hand in Hand

When an email account is compromised, it’s almost always discovered eventually, and the account owner’s credentials are updated. Knowing this, cybercriminals often deploy a secondary attack following an email compromise — domain impersonation. Domain impersonation uses a technique known as typo-squatting, which entails replacing or adding letters to a legitimate URL (e.g., www.barracudanetwork.com instead of www.barracudanetworks.com) or changing the top-level domain (e.g., changing a .com domain to .net or .co). During the period the email is compromised the attacker gathers all kinds of data about who the email owner communicates with and the language the person uses, which allows the attacker to create believable messages to unsuspecting recipients. Then, the attacker continues to build trust and gather more information by sending emails from a domain that looks just like the compromised email at a quick glance. Subsequently, the impersonated domain website can be configured to look just like the real one — complete with the ability to “accept payments” and “update your online profile.”

5 Steps to Stop Conversation Hijacking

At Barracuda, we recommend several strategies to help protect your customers against conversation hijacking attacks and domain impersonation scams. They include:

Automated monitoring: Businesses should leverage technology to monitor domain registrations and account logins. This can help identify any suspicious activity, including logins from unexpected or unusual locations. Regularly checking registrations of similar-sounding domains can also provide an early indication of a potential attack.

Protect against account takeovers: In addition to implementing multi-factor authentication to make it harder for cybercriminals to hijack your customers’ email accounts, using solutions like Barracuda Sentinel can help you detect emails from impersonated domains and remediate attacks in real time by issuing alerts and removing malicious emails.

Battle phishing with AI: Conversation hijacking and other advanced attacks are designed to bypass spam filters and traditional security solutions. By using a security platform that incorporates artificial intelligence (AI), companies can protect their networks with a solution that can learn communication patterns and spot anomalies that humans may miss.

Step-up employee training: Threat protection requires more than just technology. Educate users about these new types of email attacks, how to recognize them, and how to avoid being tricked by fraudulent email messages. Phishing simulation solutions are available that can help train users and identify those most likely to fall victim to these scams.

Implement robust security policies: Phishing attacks are less likely to succeed if procedures like wire transfers and payments are protected by multi-step authorizations. Help your customers institute strong policies and make sure their employees are trained and incentivized to follow them.

Conversation hijacking is just the latest tactic that cybercriminals are employing to breach your customers’ network defenses. New threats are emerging every month. By combining a multi-layered security approach that includes up-to-date technology, training, and internal policies, technology solution providers can reduce the possibility that their clients will fall victim to these new phishing variations.