Cyber Chat: Protecting against conversation hijacking and phishing attacks


Have you ever had a conversation with someone and another person who wasn’t part of the conversation suddenly chimes in? Maybe it was while you were in line at a coffee shop or at your kid’s sports game. Maybe even your phone chimes in when you didn’t realize you activated your digital assistant (in our house, we call our voice-activated assistant “faceless woman” in everyday conversation to avoid having her accidentally butt into our conversations when she isn’t invited). 

I was recently having a conversation with my husband downstairs as we were making plans for an upcoming trip. As we were writing what we thought were our final plans into our calendar, we heard one of the kids from upstairs chime in with a new idea to consider. It caught us a bit off guard, because we didn’t realize the kids were listening (they were supposed to be sleeping!). Since we want them to feel included in our plans, we ended up adjusting what we wrote down, but also had a chat with them about listening in on other people’s conversations (and going to sleep when it’s bedtime). 

What happens when this same thing happens in an email conversation? I recently learned that a common phishing tactic, called “conversation hijacking,” is rising in popularity with hackers. 

What is conversation hijacking? 

Conversation hijacking is a type of phishing scam. Phishing scams are attempts by cybercriminals to trick users into performing an action like clicking a malicious link, entering credentials, opening an attachment or even making changes to a company’s process (like changing payroll information or account numbers).  

This particular type of phishing attack is exactly what it sounds like: the scammers cut into an existing email conversation and try to trick victims into performing some type of action by pretending to be someone they can trust. 

How do scammers insert themselves into the conversation?

Scammers typically join the conversation in one of two ways: 

The first is by using a compromised email account that belongs to someone in the thread. With this access, they simply reply to the thread, and the message looks just like it came from one of the original senders. 

They also may use a previously stolen email message and reply to it with a different email address or a spoofed version of a legitimate email address that mimics a contact that’s already included in the thread. 

Both techniques have resulted in victims following through on scammers’ requests in the emails – it’s the use of an original email chain that gives users a false sense of security. 
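The second technique leaves traces in the message headers that a mail filter or a curious reader can check. The sketch below is an added example, not part of the original post: it compares the sender of a reply against the addresses already seen in the thread, with all names, addresses, the sample message and the 0.85 similarity threshold constructed for illustration. A reply sent from a genuinely compromised account (the first technique) passes these checks.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: addresses already seen earlier in the thread (address -> name).
THREAD = {"dana.lee@example.com": "Dana Lee", "sam.ortiz@partner.example": "Sam Ortiz"}

# Constructed sample reply: a known display name on a look-alike domain.
REPLY = """\
From: Dana Lee <dana.lee@examp1e.com>
To: sam.ortiz@partner.example
Reply-To: dana.lee@examp1e.com
Subject: Re: Updated account details
In-Reply-To: <msg-41@example.com>

Please use the new account number below.
"""

def check_reply(raw, thread, threshold=0.85):
    """Return a list of warnings for a reply that claims to belong to a known thread."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    if addr in thread:
        # Sender is a known participant; only a diverted Reply-To is visible here.
        reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
        if reply_to and reply_to != addr:
            warnings.append(f"Reply-To {reply_to} differs from sender {addr}")
        return warnings
    warnings.append(f"{addr} has not appeared in this thread before")
    for known, known_name in thread.items():
        # A familiar name attached to an unfamiliar address is the classic spoof.
        if name and name.lower() == known_name.lower():
            warnings.append(f"display name '{name}' belongs to {known}")
        # Assumed threshold: near-identical addresses are treated as look-alikes.
        if SequenceMatcher(None, addr, known).ratio() >= threshold:
            warnings.append(f"{addr} closely resembles {known}")
    return warnings

if __name__ == "__main__":
    for warning in check_reply(REPLY, THREAD):
        print("WARNING:", warning)
```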

What should you look for in your emails? 

There’s no doubt about it – a conversation hijacking phishing scam can be tricky to spot. Your best defense is to remember your phishing scam training, stay vigilant and listen to the little voice inside your head telling you something isn’t right. Be particularly wary of: 

How should you respond to a conversation hijacking email? 

Don’t respond to the email itself if you think there is anything suspicious about it. If you believe you need to take action based on something in the email, verify the request using a different communication method first, such as sending a text message or calling the supposed sender using a number that you already have. It’s better to be safe than sorry. 

You can report potential phishing and any other suspicious personal emails to reportphishing@apwg.org. If it’s an email that was sent to your company email, follow your organization’s procedures for reporting it to your information security or IT team for investigation. 

How to protect against phishing attacks 

Conversation hijacking is a form of phishing scam. To protect you and your family from phishing in general and keep your personal information out of the hands of scammers, follow this guidance from my leader and Veeam CISO, Gil Vega: 

Whether your kids are eavesdropping on a conversation with your significant other or a stranger adds their opinion to a conversation you are having with a friend, a quick cyber chat about how this same phenomenon can also happen with your email can help your loved ones be more aware of phishing scams and security while online. 
