Conversation Hijacking

Parker Byrd

Well, here we go once again. There is a new, sneaky phishing technique that is definitely on the rise: conversation hijacking. These vicious attacks try to trick someone into unknowingly transferring money, installing malware, or providing the attacker with valuable login credentials.

The attack plan is plain and simple. The attacker wants to obtain real business email threads and afterward infiltrate them under the guise of someone that is known within the victim's group. They do this by stealing or purchasing compromised credentials from either the dark web or from previous brute force attacks. After they have gained access to an account, the attacker will spend whatever time it takes to get to know their victims. They do this by reading through all of their email conversations.

They deceive the victim by learning how to mimic the language that the victim normally uses when emailing. This conversation or offer deception is often viewed as coming from a trusted friend, company, or colleague. Cybercriminals truly believe that they have discovered an inexhaustible cyber gold mine. In fact, a recent report stated that in only 3 months, from July to November, conversation hijacking had increased by an astounding 400%.

True, conversation hijacking attacks are still not very common but it is important to note that they are extremely difficult to detect, they are effective, and they have the potential of costing an organization or an individual a lot of money and heartache. There is a tremendous amount of work involved in a cyber conversation hijacking attack. However, since the rewards are so high, it is now becoming a major concern.

Victims need to be aware that the attacker typically will not send messages directly from a compromised account, because the account's owner would easily notice an email that they did not send. The way that they get around this is by attempting to impersonate domains.

It is similar to typo-squatting, where a fictitious URL is almost the same as a target company's legitimate URL but with a few slight alterations. The victim may not notice these slight changes and therefore believes that the email is legitimate, perhaps sent from a partner, friend, vendor, or colleague.

The attacks are effective because they are highly personalized. The payouts can be enormous. This will be especially true when dealing with a large acquisition or payment. This new type of sneaky phishing technique is more sophisticated than the old standard phishing attacks. The good news, however, is that they are not completely impossible to detect.

Nevertheless, individuals and organizations should go on the offensive and contact a reputable cybersecurity company for assistance. A cybersecurity company will be able to provide you, your employees, and your organization with extensive training on how to prevent or manage a cyber attack.

Obviously, since there has been a 400% increase with this new, successful phishing technique, the number of victims of this attack will continue to rise. As the world becomes more reliant on online activities, cybersecurity becomes a necessity for both individuals and businesses. Cybercrime continues to evolve as cybercriminals develop more sophisticated methods of attack. Are you protected?

If you need any assistance with cybersecurity, contact Hook Security today.