Conversation Hijacking used in phishing attempts increased 270% last year!

What is Conversation Hijacking?

This type of phishing attempt involves the attacker gaining unauthorized access to a “personal” email account, like Outlook, Yahoo, or non-Williams Gmail. Once inside that victim’s account, the attacker takes the time to read through the sent items to understand who the victim is corresponding with, why and how. The victim is actually a pivot point, that the attacker then uses to masquerade as the victim, and insert themselves into an ongoing email conversation, pretending to be the victim. Then the attacker uses this position and information to craft convincing looking and sounding email messages to the victim’s contacts, angling for passwords, payment procedures, potential business deals, or to try to get the recipient to click a malicious link.

This means that a recipient of this sort of attack will have no easy way of identifying it, since it appears to have come from a legitimate account of a person or organization known to them. That’s what makes it different from the “boss-spoofing” emails we usually see, and close inspection of the sender’s email address will not help in the case of conversation hijacking.

How to detect it?

If a back-and-forth email chain about vacation plans suddenly turns to “send me your half via Venmo and I’ll book it” or something similar, that should send up a red flag. Call the person you’ve been emailing and ask them to confirm that they sent the message and want you to send them money via Venmo.

The attack may be more subtle than this example, but all attackers generally want the same things: information, money or access. And they love gift cards because they can be difficult to trace.

Researchers also note that Microsoft is the most impersonated brand, so be particularly wary of links to Office365, SharePoint or Azure products.

How to prevent it?

Secure your personal email accounts, and encourage your friends and loved ones to do the same. Specifically:
• Choose a strong, unique password for your email accounts
• Always use 2-Factor Authentication…it’s the #1 way to block hackers!
• Occasionally check your Sent items to ensure you recognize all outgoing mail as your own
• Never share your passwords, banking or credit card information, or any sensitive information about Williams with a person who you haven’t verified by voice call or in-person meeting.

You may submit suspicious email to [email protected] Thank you, and stay safe online and off!