This Sneaky Phishing Technique is Tricking Employees into Installing Malware or Sharing Their Credentials


Security researchers are warning users about the increase in a particular phishing technique that tricks unsuspecting employees into performing malicious activities. This can include installing malware, transferring money or handing over their login credentials.

What’s new about the phishing technique?

  • Termed as ‘conversation-hijacking’, the attack involves bad actors infiltrating real business email threads.
  • The infiltration is done by exploiting previously compromised credentials. These credentials can be purchased on dark web forums or stolen via brute force attacks.
  • Once the attackers gain access to the account, they spend time reading through conversations. They research the victim and then look for any deals or other valuable conversations into which they can insert themselves within an email thread.
  • Using a real identity and mimicking the language makes the phishing attack look legitimate, so the email appears to come from a trusted source.

What is the success rate of such attacks?

According to new research from Barracuda Networks, analysis of 500,000 emails shows that conversation-hijacking attacks rose by over 400% between July and November last year.

"These attacks are highly personalized, including the content, and therefore a lot more effective. They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or an acquisition," Olesia Klevchuk, senior product manager for email security at Barracuda Networks, told ZDNet.

How to combat the risk?

Conversation-hijacking attacks are more sophisticated than regular phishing attacks, and hence they are impossible to spot. Users should therefore pay attention to the email address and the thread to understand whether a message is suspicious or not.

Users should also be wary of sudden demands for payments or transfers, and if there is any doubt about the origin of a request, they should contact the person requesting it.
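The address check described above can be partly automated. The following is an added example, not code from Barracuda Networks or the original article: it compares the sender of a new reply against the participants already seen in the thread and flags new senders, near-miss domains and a diverging Reply-To. The function names, the 0.85 similarity threshold, the Reply-To heuristic and all sample addresses are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses, parseaddr

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def participants(earlier):
    """Every address seen in From/To/Cc of the earlier messages in the thread."""
    seen = set()
    for msg in earlier:
        headers = [h for name in ("From", "To", "Cc") for h in msg.get_all(name, [])]
        seen.update(addr.lower() for _, addr in getaddresses(headers) if addr)
    return seen

def check_reply(reply, earlier, threshold=0.85):
    """Return findings for a new message that claims to continue the thread."""
    known = participants(earlier)
    known_domains = sorted({domain(a) for a in known})
    sender = parseaddr(reply.get("From", ""))[1].lower()
    findings = []
    if sender not in known:
        findings.append("new-sender")
    if domain(sender) not in known_domains:
        # A near-miss of a participant's domain suggests an impersonated sender.
        for d in known_domains:
            if SequenceMatcher(None, domain(sender), d).ratio() >= threshold:
                findings.append("lookalike-domain:" + d)
    reply_to = parseaddr(reply.get("Reply-To", ""))[1].lower()
    if reply_to and domain(reply_to) != domain(sender):
        findings.append("reply-to-mismatch")
    return findings

def msg(frm, to, reply_to=None):
    # Constructed sample message; all addresses are made up (.test domains).
    raw = f"From: {frm}\nTo: {to}\nSubject: Re: Invoice 1042\n"
    if reply_to:
        raw += f"Reply-To: {reply_to}\n"
    return message_from_string(raw + "\nbody\n")

THREAD = [msg("Alice <alice@example-supplier.test>", "bob@example-buyer.test"),
          msg("Bob <bob@example-buyer.test>", "alice@example-supplier.test")]
GENUINE = msg("Alice <alice@example-supplier.test>", "bob@example-buyer.test")
LOOKALIKE = msg("Alice <alice@examp1e-supplier.test>", "bob@example-buyer.test")
REDIRECTED = msg("Alice <alice@example-supplier.test>", "bob@example-buyer.test",
                 reply_to="alice@mailbox.test")

if __name__ == "__main__":
    for name, m in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("redirected", REDIRECTED)):
        print(name, check_reply(m, THREAD))
```

A message sent from the compromised mailbox itself, with no changed Reply-To, passes all three checks, which is why contacting the requester to confirm a payment request still matters.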