Hackers increasingly pretend to be a coworker to steal company secrets, and incidents of such conversation hijacking are up 400%



  • Hackers are increasingly using fake email addresses to impersonate their victims’ colleagues and access sensitive company information. 
  • A new report, published by California-based Barracuda Networks, shows such incidents jumped by 400% in the space of a few months. 
  • According to figures published by the FBI, phishing attacks like this cost American businesses close to half a billion dollars every year. 

Hackers are increasingly using phoney email addresses to impersonate their victims’ colleagues – with a new report suggesting such attacks have risen 400% in a matter of months. 

An analysis of half a million cyber attacks, conducted by California-based Barracuda Networks, found a sharp increase in “conversation hijacking”, in which hackers pose as colleagues to gain sensitive information: incidents rose from just 500 to around 2,000 between July and November last year. According to figures published by the FBI in 2017, phishing attacks cost American businesses close to half a billion dollars every year. 

Don MacLennan, Barracuda’s senior VP of engineering and product, says conversation hijacking is a “highly targeted” form of attack, suggesting that attackers will familiarize themselves with the inner workings of a business, read existing email chains, and then pose as an employee using a similar-looking email address. 

“It can be easy to miss the subtle differences between the legitimate URL and the impersonated URL,” he said. “Cybercriminals invest a lot of time, effort and money into registering fake domains and hijacking these conversations.” 

MacLennan went on to explain that hackers may access an individual employee’s email account – but may not use the account itself to reach out to colleagues, so as to avoid detection. 

“From there, they will insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts or other sources. They will spend time reading through emails and monitoring the compromised account in order to better understand the business operation: learning about any deals in the works, payment procedures – the list goes on. 

“They don’t always use compromised email accounts to perform the impersonation attacks,” he added. “Because the owner of the compromised account is more likely to notice the fraudulent communication.

“Accounts don’t usually stay compromised for long, so once the hacker has obtained whatever important information they were after, conversation hijacking can involve weeks of continuous communication between the attacker and victim.” 

Barracuda outlined five key ways to avoid falling victim to conversation hijacking: training employees to recognise attacks, multi-factor authentication, monitoring suspicious accounts, strengthening internal policies and using artificial intelligence to block attacks. 

MacLennan said: “Help employees avoid making costly mistakes by creating guidelines and putting procedures in place to confirm all email requests for payment changes.

“Ensure staffers can recognize attacks, understand their fraudulent nature, and know how to report them.” 
