Phishing attacks have grown in popularity in recent years: around 90% of all data breaches in companies result from phishing. Since a phishing attack doesn't require much technical prowess to execute and relies on human error, hackers consider it low-hanging fruit.
Because phishing is so common now, most people have become wary of opening suspicious emails with malware-ridden links. Seeing this, cybercriminals are now using an evolved form of phishing called conversation hijacking.
What’s conversation hijacking?
When we chat with friends, family, and coworkers via email, we usually let our guard down. After all, most messaging platforms make security a top priority.
Cybercriminals exploit this trust to carry out conversation hijacking: they use existing chats as the vehicle for phishing attacks. Through this, they can extract important data, spread malware, and elicit money from victims.
How do they achieve this? First, hackers compromise email accounts without the owner realizing they have been accessed. Then, they monitor the business operations visible in the mailbox and gather details.
These details are used to start new conversations, or to continue old business conversations, in a way that feels natural. Victims are then tricked into making financial transactions or sharing critical data. Victims may also be convinced to open malicious links or download infected files. The compromised account can also be used to ask other employees of the company for information, tarnishing the company's reputation and leaking ongoing projects.
The dangers of conversation hijacking
Conversation hijacking is highly targeted because the malicious emails come from trusted senders or are part of an existing email chain. Most people won't think twice before downloading an attachment sent by someone who appears to be a friend or coworker.
Barracuda Networks has reported a sharp rise in domain-impersonation attacks used for conversation hijacking. Basically, hackers register a domain that is almost identical to a real business's domain, differing by a single hard-to-notice letter. When links to such a domain are inserted into a communication chain, hardly anyone reads them twice to spot the difference from the real domain.
A link to this lookalike domain can be sent to employees from what appears to be an employer's email, and they will likely open it without thinking twice. Likewise, customers may receive this link from what appears to be a business's marketing team and have their PCs compromised. The latter is a catalyst for tarnishing a business's reputation.
Qakbot has also evolved into a conversation-hijacking tool. It started as a banking trojan; the malware is now automated and spreads through infected Windows systems. Qakbot uses its payload to hunt for emails and passwords stored on a PC. In conversation hijacking, Qakbot is usually delivered as a document attachment and can read sensitive information on the computer.
Similarly, several other automated tools send out phishing emails that quote the original messages to make the conversation seem authentic. They run on a PC without showing any pop-ups unless flagged by antivirus software.
Tips to avoid conversation hijacking
Conversation hijacking attacks are comparatively small in number, but they're quite deadly: difficult to spot and costly to recover from. Here are a few tips businesses can use to avoid them.
- Train employees with phishing simulators so they learn to spot conversation hijacking. Continuously monitor for spoofed and lookalike variations of your domain name.
- Use multi-factor authentication to add an extra layer of security and prevent account takeover.
- Employ AI to monitor regular conversation patterns and find anomalies. Suspicious logins from unusual locations can also be tracked.
- Strengthen policies surrounding financial transactions. Require in-person or telephone approval for intracompany transactions.
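The domain-monitoring tip above can be turned into a simple mail-gateway check. The following is an added example, not code from the original article: it folds a sender's domain to a canonical form (Unicode look-alikes and common confusable pairs such as "rn" for "m") and flags anything within one edit of a trusted domain. The trusted domain names and the sample addresses are constructed for the example.

```python
import re
import unicodedata

# Constructed list of domains this organisation trusts (hypothetical names).
TRUSTED_DOMAINS = {"example-corp.com", "example-corp.co.uk"}

# Character pairs that look alike in common fonts and show up in lookalike registrations.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}


def sender_domain(address: str) -> str:
    """Pull the domain out of a From: value such as 'Jane <jane@example-corp.com>'."""
    match = re.search(r"@([^>\s]+)", address)
    return match.group(1).strip().lower().rstrip(".") if match else ""


def fold(domain: str) -> str:
    """Fold a domain to a canonical ASCII form so visually similar spellings compare equal."""
    ascii_only = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    for fake, real in CONFUSABLES.items():
        ascii_only = ascii_only.replace(fake, real)
    return ascii_only


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted' for an exact match, 'lookalike' for a near miss, else 'unknown'."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    folded = fold(domain)
    for known in trusted:
        if folded == fold(known) or edit_distance(folded, fold(known)) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for addr in ("jane@example-corp.com", "jane@exarnple-corp.com", "bob@partner-firm.net"):
        print(f"{addr:30} -> {classify_sender(addr)}")
```

A "lookalike" verdict is a signal to quarantine or visibly tag the message for the recipient, not proof of an attack, since a legitimately similar domain can also score within one edit.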