Q: Lately we have heard a lot about emerging conversation hijacking threats. What does conversation hijacking entail and how can my MSP business prevent it from negatively affecting our customers?
Hackers and other bad actors are always inventing new methods and tactics to access organizations’ sensitive data. One of the newest methods is conversation hijacking. Recent research from Barracuda Networks revealed a 400-percent increase in domain-impersonation attacks used for conversation hijacking.
To get a better understanding of how conversation hijacking works, Smarter MSP examined the relevant research and spoke with security experts to uncover different ways MSPs can eliminate this threat.
What is conversation hijacking?
Conversation hijacking is a phishing attack in which a hacker gains access to an existing business conversation (or starts one) using compromised credentials. Once inside the compromised account (often an email account), the hacker typically studies the emails and any other information they can uncover. The hacker then inserts themselves into the conversation and sends a message in the name of the compromised account’s owner. This helps them manipulate other users into handing over the data and resources they are after.
Conversation hijacking lets hackers exploit the fact that recipients are more likely to fulfill requests from email senders they recognize. Recipients often believe, and don’t question, requests for money or private information when they think the request is coming from an important account, like the CEO’s. Because they control the account and can research its owner in depth, hackers can make these phishing attacks highly personalized, which increases their chance of success.
Stop conversation hijacking with AI
Automation can be an incredibly useful tool for MSPs in their battle to protect end users from falling victim to conversation hijacking. By integrating automated tools with their security stack, MSPs can monitor account logins and spot login attempts coming from unusual locations. Automation can also help detect suspicious emails from impersonated domains and remove malicious ones before they reach a user’s inbox. AI also does a great job of spotting clues a human might miss, such as domain names that differ only subtly from the legitimate domain they are pretending to be.
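As an added example (not code from the article or from any vendor product), here is a small Python check of the kind an automated filter would run: it compares the sender domain in constructed From: headers against a trusted-domain list, folding digit and Unicode homoglyphs and measuring edit distance, so subtly altered domains can be routed to quarantine for review. TRUSTED_DOMAINS, the homoglyph table and the sample headers are assumptions.

```python
import re
import unicodedata

# Domains the organisation and its partners legitimately send from (constructed sample).
TRUSTED_DOMAINS = {"example.com", "partner-bank.com"}
# Digit-for-letter substitutions commonly seen in impersonation domains (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalize_domain(domain: str) -> str:
    """Fold case, drop non-ASCII lookalike characters, map digit homoglyphs, strip hyphens."""
    folded = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    return folded.translate(HOMOGLYPHS).replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a raw From: header value."""
    match = re.search(r"@([\w.-]+)", from_header)
    if not match:
        return "unknown"
    domain = match.group(1).lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    norm = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        tnorm = normalize_domain(trusted)
        # Within two edits of a trusted domain, or a trusted name buried in a longer domain.
        if levenshtein(norm, tnorm) <= 2 or tnorm.split(".")[0] in norm:
            return "lookalike"
    return "unknown"


SAMPLE_FROM_HEADERS = [  # constructed: one partner, four impersonation styles, one unrelated
    '"Finance" <ap@partner-bank.com>',
    '"CEO" <ceo@examp1e.com>',                      # digit 1 in place of l
    '"CEO" <ceo@ex\u0430mple.com>',                 # Cyrillic a in place of Latin a
    '"AP" <ap@partner-bank.co>',                    # truncated TLD
    '"Payroll" <hr@example.com.secure-login.net>',  # trusted name as a subdomain
    '"Vendor" <billing@vendor-invoices.net>',
]


def scan(headers=SAMPLE_FROM_HEADERS) -> dict:
    return {h: classify_sender(h) for h in headers}  # verdict per header, for quarantine rules
```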
Other ways to prevent conversation hijacking
One of the most effective ways to stop any cyberattack, especially conversation hijacking, is with a comprehensive security awareness training program. MSPs can offer these programs to their clients to educate users on how to identify spear phishing attempts and avoid falling victim to them. Live simulations of phishing attacks allow MSPs and their clients to track the progress of individual users and determine which ones may need extra training and protection.
Setting up internal security processes can also lower the likelihood of a successful conversation hijacking attempt. Multi-factor authentication and in-person approvals for things like granting access or permission to transmit funds keep users alert when a hacker tries to hijack a conversation. Now that more companies are working remotely, in-person approvals can easily be given over Zoom calls or over the phone.
Conversation hijacking is becoming more popular because it allows hackers to gain access to a user’s data and resources with the user’s “permission.” It’s a method that lets them take what they want while hiding behind a trusted account the entire time. When an organization combines technologies such as AI with strong internal policies, hackers won’t be able to sneak through its front door as easily.
What a scary way to hack! Has happened to a few clients and friends.
Had a client today call me about this. People need to pay attention
Very informative.
Thank you
We have some customers who have actually suffered from conversation hijacking, but it is always suspicious!
Informative article and definitely something to be on the lookout for.
Just goes to show how important it is to pay attention when going over emails
This just happened to an end user this week!
We have seen this happen at a client. Very important to have 2-factor on email accounts, and end user training is getting more and more critical. Am interested to learn more about automating finding suspicious domain accounts.
1st line of defense is user education!
Such a scary scenario. Sounds like the Barracuda Sentinel solution will help protect our clients.
Ensuring you have proper MFA in place will greatly reduce the risk as well
“Hack the Person!” This is a very good post/lesson for all. Thank you