Q: Lately we have heard a lot about emerging conversation hijacking threats. What does conversation hijacking entail and how can my MSP business prevent it from negatively affecting our customers?
Hackers and other bad actors are always inventing new methods and tactics to access organizations’ sensitive data. One of the newest methods is conversation hijacking. Recent research from Barracuda Networks revealed a 400-percent increase in domain-impersonation attacks used for conversation hijacking.
To get a better understanding of how conversation hijacking works, Smarter MSP examined the relevant research and spoke with security experts to uncover different ways MSPs can eliminate this threat.
What is conversation hijacking?
Conversation hijacking is a phishing attack that occurs when a hacker gains access to a business conversation (or creates one themselves) by using compromised credentials. Once they have gained access to the compromised account (often an email account), the hacker will typically study emails and available information they can uncover. The hacker then inserts themselves in the conversation and sends a note in the name of the compromised account owner. This helps them manipulate other users into providing them with the data and resources that they are seeking.
Conversation hijacking allows hackers to take advantage of the fact that recipients are more likely to fulfill requests from email users they recognize. Recipients often believe and don’t ask questions about requests for money or private information when they believe it is coming from an important account, like the CEO. Thanks to their ability to compromise the account and then conduct extensive research about the user, hackers can make these types of phishing attacks highly personalized, which increases their chance of success.
By using #ConversationHijacking, hackers take advantage of the fact that recipients are more likely to fulfill requests from email users they recognize. #CyberSecurity
Stop conversation hijacking with AI
Automation can be an incredibly useful tool for MSPs in their battle to protect end users from falling victim to conversation hijacking. By integrating these in with their security tools, MSPs can monitor account logins and see if there are any login attempts that are coming from unusual locations. Automation can also help detect suspicious emails from impersonated domains and eliminate malicious ones before they reach a user’s inbox. AI also does a great job with spotting other clues a human might miss, such as domain names that are very slightly subtly changed from the original domain that it is pretending to be.
Other ways to prevent conversation hijacking
One of the most effective ways to stop any cyberattack, especially conversation hijacking, is with a comprehensive security awareness training program. MSPs can offer these programs to their clients to educate users on how to identify spear phishing attempts and avoid falling victim to them. Live simulations of phishing attacks allow MSPs and their clients to track the progress of individual users and determine which ones may need extra training and protection.
Setting up internal security processes can also lower the likelihood of a successful conversation hijacking attempt. Multi-factor authentication and in-person approvals for things like granting access or permission to transmit funds can keep users alert when a hacker tries to hijack a conversation. Now that more companies are working remotely, in person approvals can easily be given over Zoom calls or over the phone.
Now that more companies are #WorkingFromHome, in person approvals can easily be given over Zoom calls or over the phone to reduce the chances of successful #ConversationHijacking attempts.
Conversation hijacking is becoming more popular because it allows hackers to gain access to a user’s data and resources with the user’s “permission.” It’s a method that gives them the ability to take what they want by hiding behind a trusted account the entire time. By leveraging a combination of technologies such as AI and strong internal policies, hackers won’t be able to sneak their way through an organization’s front door as easily.
Photo: Twinsterphoto / Shutterstock
What a scary way to hack! Has happened to a few clients and friends.
Had a client today call me about this. People need to pay attention
We have some customers who where actually suffered from conversation Hijacking, but it is always suspicious!
Informative article and definitely something to be on the lookout for.
Just goes to show how important it is to pay attention when going over emails
This just happened to an end user this week!
We have seen this happen at a client. Very important to have 2 factor on email accounts, and end user training is getting more and more critical. Am interested to learn more about automating finding suspicious domain accounts.
1st line of defense is user education!
Such a scary scenario. Sounds like the Barracuda Sentinel solution will help protect our clients.
Ensuring you have proper MFA in place will greatly reduce the risk as well
“Hack the Person!” This is a very good post/lesson for all. Thank you