In a recent report, Barracuda Networks found a sharp increase in the number of domain-impersonation attacks used to facilitate conversation hijacking.
Cybercriminals gain access to existing business conversations or instigate new ones based on the information they have found from compromised e-mail accounts. Attackers read through e-mails and monitor the accounts to understand details about business operations.
The attackers then use this information to create convincing e-mails from impersonated accounts to trick people into making financial transactions or updating payment information, thereby giving the attackers access.
While the volume of these attacks is low compared with others, they are often very personalised, difficult to detect and can prove very costly. There are, however, some key steps enterprises can take to avoid them:
Train employees to recognise and report attacks
Organisations can use phishing simulation to train staff, test the effectiveness of training plans and evaluate those users who are most vulnerable to attacks.
Use account-takeover protection
Many conversation hijacking attacks start with account takeover. Using multi-factor authentication can provide an extra layer of security to ensure scammers can’t gain access.
Monitor inbox rules, account logins, and domain registrations
Technology can identify suspicious e-mail activity including logins from unusual locations.
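One way to watch for impersonated domains in incoming mail is to compare each sender domain against the domains the organisation already trusts. The sketch below is an added example, not code from the report or from Barracuda; the trusted list, the character-swap table and all function names are assumptions, and it expects the registrable domain (no subdomains) as input.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data: the organisation's own and a partner's domain.
TRUSTED = {"example.com", "example-supplier.net"}
# Character swaps often seen in look-alike domains (illustrative, not exhaustive).
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(name):
    """Reduce a label to a canonical form so visual twins compare equal."""
    name = unicodedata.normalize("NFKD", name.lower())
    name = "".join(c for c in name if not unicodedata.combining(c))
    for fake, real in SWAPS:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(from_header):
    """Extract the domain part of a From: header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()


def classify(sender_domain, trusted=TRUSTED, max_edits=1):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    domain = sender_domain.lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    name, _, suffix = domain.partition(".")
    for good in sorted(trusted):
        good_name, _, good_suffix = good.partition(".")
        dist = edit_distance(skeleton(name), skeleton(good_name))
        # Same visual skeleton under any suffix, or a one-character typo
        # under the same suffix, is treated as an impersonation candidate.
        if dist == 0 or (dist <= max_edits and suffix == good_suffix):
            return ("lookalike", good)
    return ("unknown", None)
```

A "lookalike" result is a reason to hold the message for review, not proof of an attack; unrelated domains simply come back as "unknown".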
Leverage artificial intelligence
Cybercriminals are adapting their methods to bypass spam filters, so it’s critical to use artificial intelligence to detect and block attacks. Machine learning tools can analyse normal communication patterns within your organisation and spot anomalies that may indicate an attack.
Strengthen internal policies
Help employees avoid giving away money and making payment changes by putting guidelines in place, for example, requiring in-person or phone approval for financial transactions.
Don MacLennan is the senior vice president of engineering and product at Barracuda