If you have ever had a stranger answer a question you did not ask them or butt into a chat with your best friend, you may think you have experienced conversation hijacking. And while having a total stranger weigh in on the events of the day is certainly uncomfortable, it does not pose a risk to your financial security.
True conversation hijacking is different, and it is an emerging threat in the world of cyber security. If you rely on email to do your job or conduct your business, you need to understand what conversation hijacking is, how it works, why it is so insidious and, most of all, how to recognize the signs and stop it in its tracks.
Conversation hijacking is just what it sounds like, and it starts when a criminal gains access to a legitimate email address. Sometimes the intrusion happens directly, with someone hacking into the targeted corporate network and guessing passwords. Other times conversation hijacking is the end result of a prior phishing attack, one that convinced a targeted individual to give up their login information.
In other cases, the email addresses and passwords have been purchased on the dark web, a strange and nefarious marketplace where all manner of goods, including personal information, is for sale. But no matter how the conversation hijacking originated, what happens next is as frightening as it is ingenious.
Once the criminal is safely inside the network and logged on with their compromised or stolen email credentials, they take a look around, seeking out conversation threads they can use to their advantage. It is easy to see how dangerous this type of intrusion can be.
These conversation threads could be almost anything, from discussions about an ongoing project to talks surrounding an upcoming merger. The perpetrators of conversation hijacking are typically looking for high-profile targets: think CEOs, CIOs, board members and the like.
Since the targets of conversation hijacking are so high profile, the damage done can be truly enormous. Just think about what would happen if a conversation hijacker, posing as a legitimate member of the team, convinced the CEO to provide banking details, or if a board member agreed to share proprietary information on a proposed merger or acquisition.
It is easy to see why this emerging type of cybercrime can be so successful. Instead of coming from the outside, the criminal is actually hiding in plain sight, inserting themselves into ongoing conversations that appear totally legitimate. This creates a level of trust that would be impossible to achieve with a traditional phishing or spear-phishing attack.