Phishing attacks have been an age-old cybersecurity problem, with threat actors sending out bulk emails in an attempt to trick users into sharing confidential data, fraudulent bank transactions, or entering their passwords via bogus login portals.
Threat actors are exploiting email accounts by hijacking ongoing conversations between the users to send out phishing emails. This method is more effective since the victim thinks the mail is from a trusted user and is part of their ongoing conversation. According to cybersecurity research by Barracuda Networks, in 2021 alone, conversation hijacking attacks rose by almost 270%.
“Although there is a lot of upfront work when conversation hijacking is done “right,” it can have a huge payout for cybercriminals. The number is growing because it’s very difficult to detect, success rates can be high and payouts are big, I expect that the number of these instances will continue to grow in the coming years. Make sure you are prepared for a cyber attack – have a well thought out response plan in place that will help you recover quickly” Mike Flouton, VP Product Management at Barracuda Networks told ZDNet.