Conversation Hijacking Scams
Have you ever had a conversation with someone and another person who wasn’t part of the conversation suddenly chimes in? Maybe it was while you were in line at a coffee shop or your kid’s sports game. Maybe even your phone chimes in when you didn’t realize you activated your digital assistant.
The same thing can happen in an email conversation, and it is a common phishing tactic called "conversation hijacking". Conversation hijacking is a type of phishing scam. Phishing scams are attempts by cybercriminals to trick users into performing an action such as clicking a malicious link, entering credentials, opening an attachment, or even making changes to a company's process (like changing payroll information or account numbers).
This particular type of phishing attack is exactly what it sounds like; the scammers cut into an existing email conversation and try to trick victims into performing some type of action by pretending to be someone they can trust.
Scammers typically join the conversation in one of two ways:
The first is by using an email account involved in the thread that has been compromised. With that access, they simply reply to the thread, and the reply looks just like one from the original sender.
The second is by taking a previously stolen email message and replying to it from a different email address, or from a spoofed version of a legitimate email address that mimics a contact already included in the thread.
Both techniques have resulted in victims following through on scammers’ requests in the emails – it’s the use of an original email chain that gives users a false sense of security.
What should you look for in your emails?
There’s no doubt about it – a conversation hijacking phishing scam can be tricky to spot. Your best defense is to remember your phishing scam training and stay vigilant and listen to the little voice inside your head telling you something isn’t right. Be particularly wary of:
- Urgent requests
- Responses to old email threads (especially ones that you thought were dead)
- Unexpected attachments (particularly .html and .zip files)
- A new voice in an old email thread
- A difference in the sender’s email address
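As an added example (not part of the original article), the warning signs above written as a defensive triage check that a mail or security team could run on an incoming reply. The thread record, the sample addresses, and the stale-thread and look-alike thresholds are constructed assumptions, not values from the article.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from email.utils import parseaddr

RISKY_EXTENSIONS = (".html", ".htm", ".zip")
STALE_THREAD_DAYS = 60    # assumed threshold for an "old" thread
LOOKALIKE_RATIO = 0.8     # assumed similarity that marks a look-alike domain


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def hijack_indicators(msg: dict, thread: dict) -> list[str]:
    """Warning signs a reply (from, date, attachments) shows against a known thread."""
    flags = []
    sender_name, sender_addr = parseaddr(msg["from"])
    sender_addr = sender_addr.lower()
    known = {parseaddr(p)[1].lower(): parseaddr(p)[0] for p in thread["participants"]}

    # A new voice in the thread: this address never took part in the conversation.
    if sender_addr not in known:
        flags.append("sender not in thread")
        # Same display name as a real participant but a different address.
        if sender_name and sender_name in known.values():
            flags.append("display name matches a participant, address differs")
        # Domain that closely resembles a participant's (e.g. one swapped character).
        d_new = _domain(sender_addr)
        for d_known in sorted({_domain(a) for a in known}):
            if d_new != d_known and SequenceMatcher(None, d_new, d_known).ratio() >= LOOKALIKE_RATIO:
                flags.append(f"look-alike domain {d_new} vs {d_known}")
                break

    # A reply that revives a thread nobody has touched for a long time.
    if msg["date"] - thread["last_activity"] > timedelta(days=STALE_THREAD_DAYS):
        flags.append("reply to a stale thread")

    # Unexpected attachment types the article calls out.
    for name in msg.get("attachments", []):
        if name.lower().endswith(RISKY_EXTENSIONS):
            flags.append(f"risky attachment type: {name}")
    return flags


# Constructed sample thread and a suspicious reply to it (not real addresses).
SAMPLE_THREAD = {"participants": ["Dana Lee <dana.lee@example.com>",
                                  "Sam Ortiz <sam.ortiz@example.net>"],
                 "last_activity": datetime(2024, 1, 10)}
SAMPLE_REPLY = {"from": "Dana Lee <dana.lee@examp1e.com>",
                "date": datetime(2024, 4, 15), "attachments": ["Invoice_0423.html"]}
```

Running `hijack_indicators(SAMPLE_REPLY, SAMPLE_THREAD)` returns all five indicators for the constructed reply; a message from a known participant with an expected attachment type returns only the signs it actually shows.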
How should you respond to a conversation hijacking email?
Don't respond to the email itself if you think there is anything suspicious about it. If you believe you need to take action based on something in the email, verify the request using a different communication method first, such as sending a text message or calling the supposed sender using a number that you already had. It's better to be safe than sorry.
You can report potential phishing and any other suspicious emails to the CWU Security Team by following the instructions listed here: https://cwu.teamdynamix.com/TDClient/2015/Portal/KB/ArticleDet?ID=78311
How to protect against phishing attacks:
Conversation hijacking is a form of phishing scam. To protect yourself and keep your personal information out of the hands of scammers, follow the below suggestions:
- Do your homework. Search online for information about the supposed sender. You can even search for the exact email you received and see if others have already tagged it as a scam.
- Confirm requests using a second method of verification. Never email the sender back or reply to suspicious emails. Use a separate method of communication, like a phone number or email address, to contact the sender and confirm the request.
- Hover over links in the email and see if the hyperlink's web address matches the company's legitimate website domain. If you suspect the site is fake, type the web address into your browser yourself rather than clicking the link.
- Look at the file name of any attachments. Do you need, or were you expecting, an attachment? Never open an attachment that you are not expecting or one that ends with an extension you may not recognize (e.g., filename.exe when the email says it is a Word document).
- Use your own judgement. Employee awareness training starts with using common sense to help identify if an email is legitimate or if it may be phishy.
If you'd like more information and to see where this information was retrieved from, please visit https://www.veeam.com/blog/conversation-hijacking-phishing-scam.html