Monday, April 12, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Beware of this sneaky phishing technique now being used in more attacks

January 20, 2020
in Internet Security
Phishing campaign delivers data-stealing malware via fake court summons emails
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Why we’re still losing the fight against phishing attacks
Danny Palmer explains that it’s not fair to blame users for falling victim to attacks when employers aren’t doing enough to help. Read more: https://zd.net/31Oiisg

There’s been a large rise in cyber criminals using a particular phishing technique to trick workers into unwittingly installing malware, transferring money or handing over their login credentials.

You might also like

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

Washington State educational organizations targeted in cryptojacking spree

Critical Zoom vulnerability triggers remote code execution without user input

In conversation-hijacking attacks, hackers infiltrate real business email threads by exploiting previously compromised credentials –perhaps purchased on dark web forums, stolen or accessed via brute force attacks – before inserting themselves into the conversation in the guise of one of the group.

“Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves,” Don Maclennan, SVP for engineering and product at Barracuda Networks told ZDNet.

SEE:  A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

The idea is that by using a real identity and by mimicking the language that person uses, the phishing attack will be viewed as coming from a trusted colleague and is thus much more likely to be successful.

Cyber criminals are leaning hard on this attack technique as a means of compromising businesses, according to new research from Barracuda Networks. Analysis of 500,000 emails showed that conversation hijacking rose by over 400% between July and November last year.

While conversation-hijacking attacks are still relatively rare, the personal nature means they’re difficult to detect, are effective and potentially very costly to organisations that fall victim to campaigns.

For cyber criminals conducting conversation-hijacking attacks, the effort involved is much greater than simply spamming out phishing emails in the hope that a target clicks, but a successful attack can potentially be highly rewarding.

In most cases, the attackers won’t directly use the compromised account to send the malicious phishing message – because the user could notice that their outbox contains an email that they didn’t send.

However, what conversation hijackers do instead is attempt to impersonate domains, using techniques like typo-squatting – when a URL is the same as the target company, save for one or two slightly altered changes.

But by using a real name and a real email thread, the attackers are hoping that the intended target won’t notice the domain is slightly different and that they’ll follow the request that’s coming from their supposed contact, perhaps a colleague, customer, partner or vendor.

In some cases, it’s been known for conversation hijackers to communicate with their intended victims for weeks in order to ensure trust is built up.

At some point, the attacker will make their move and try to trick the victim into transferring money, sensitive information or potentially installing malware.

“These attacks are highly personalized, including the content, and therefore a lot more effective. They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or an acquisition,” said Olesia Klevchuk, senior product manager for email security at Barracuda Networks. 

“There is a great chance that someone will fall for a conversation-hijacking attack over a more traditional type of phishing,” she added.

SEE: Windows 7 end of life: Security risks and what you should do next

However, while conversation-hijacking attacks are more sophisticated than regular phishing attacks, they’re not impossible to spot. Users should pay attention to the email address a message is coming from and be suspicious if the domain is slightly different compared to what they’re used to seeing.

Users should also be wary of sudden demands for payments or transfers and, if there’s doubt about the origin of the request, they should contact the person requesting it, either in person, by phone or by starting a new email to their known address.

Organisations can also protect their employees from these attacks by implementing two-factor authentication, because by adding this extra layer, even if login credentials are stolen, attackers can’t use them to conduct further attacks.

MORE ON CYBERSECURITY

Credit: Zdnet

Previous Post

How can we trust AI if we don't know what it's thinking?

Next Post

Five Reasons to Go to Machine Learning Week 2020 - Machine Learning Times

Related Posts

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out
Internet Security

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

April 12, 2021
Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Nation-state cyber attacks targeting businesses are on the rise
Internet Security

Nation-state cyber attacks targeting businesses are on the rise

April 10, 2021
These are the terrible passwords that people are still using. Here’s how to do better
Internet Security

These are the terrible passwords that people are still using. Here’s how to do better

April 9, 2021
Next Post
Five Reasons to Go to Machine Learning Week 2020 – Machine Learning Times

Five Reasons to Go to Machine Learning Week 2020 - Machine Learning Times

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out
Internet Security

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

April 12, 2021
Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027
Data Science

Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027

April 12, 2021
Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars”
Machine Learning

Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars”

April 12, 2021
Interpretive Analytics in One Picture
Data Science

Interpretive Analytics in One Picture

April 12, 2021
AI and Machine Learning Driven Contract Lifecycle Management for Government Contractors
Machine Learning

AI and Machine Learning Driven Contract Lifecycle Management for Government Contractors

April 12, 2021
Cambridge Quantum Computing Pioneers Quantum Machine Learning Methods for Reasoning
Machine Learning

Cambridge Quantum Computing Pioneers Quantum Machine Learning Methods for Reasoning

April 11, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ransomware: The internet’s biggest security crisis is getting worse. We need a way out April 12, 2021
  • Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027 April 12, 2021
  • Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars” April 12, 2021
  • Interpretive Analytics in One Picture April 12, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates