Although phishing has been around for many years, it continues to evolve and is still a major threat. Many phishing tactics are highly sophisticated, such as hijacking employees' email reply chains, a method that especially catches people off guard.
Barracuda researchers said that there has been a 400% increase over the past few months in domain impersonation attacks, which are used in conversation hijacking. Cyber criminals start by sending emails to employees from a phony domain name that is very close to the real company domain. For example, alliedgateway.com might become allliedgateway.com, with one additional L, and employees might not notice that a letter is off or that .com has been replaced with .net. Sometimes they also break into an employee's email account and learn what is going on, the styles of writing and more, so they can strike at just the right time and look very real.
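As an added example (not part of the original article or of any vendor's product), the Python below flags sender domains that are a letter or two off a trusted domain or that keep the name but swap the top-level domain, using the article's alliedgateway.com case. The function names, the two-edit threshold and the sample addresses are assumptions made for illustration.

```python
TRUSTED = {"alliedgateway.com"}  # the article's example domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def registrable(domain: str):
    """Approximate (name, tld) from the last two labels.
    Assumption: multi-label suffixes such as co.uk are not handled."""
    labels = domain.lower().strip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify(sender: str, trusted=TRUSTED, max_edits: int = 2) -> str:
    """Return trusted, lookalike-tld, lookalike-name or unrelated."""
    name, tld = registrable(sender.rsplit("@", 1)[-1])
    verdict = "unrelated"
    for good in trusted:
        good_name, good_tld = registrable(good)
        d = edit_distance(name, good_name)
        if d == 0 and tld == good_tld:
            return "trusted"            # same domain or a subdomain of it
        if d == 0:
            verdict = "lookalike-tld"   # e.g. .com replaced with .net
        elif d <= max_edits and verdict == "unrelated":
            verdict = "lookalike-name"  # e.g. one additional L
    return verdict

# Constructed sample senders, not taken from real mail
SAMPLES = [
    "pat@alliedgateway.com",
    "pat@allliedgateway.com",
    "pat@alliedgateway.net",
    "news@example.org",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{sender:28} {classify(sender)}")
```

Short trusted names produce more false positives at a two-edit threshold, so lower max_edits or review those hits by hand.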
How Can You Protect Your Company From Domain Impersonation and Conversation Hijacking?
1. Train Employees to Recognize and Report Attacks
Security training, including weekly emails with tips for users on how to avoid the latest scams, is very helpful.
We can also send fake emails to employees for training to see who is getting tricked and might need additional training.
2. Protect Against Account Take Over
Some conversation hijacking is done through a fake domain name, but some is the result of breaking into an employee's email account. Turn on multi-factor authentication so logins require extra security beyond just a password. This can be turned on at no cost for Office 365 and other systems.
3. Monitor Inbox Rules, Account Logins
Often when a hacker gets into a mailbox, they will set up new inbox rules to forward email to their own account, so rules that you did not create are a tipoff. Sometimes the login location is also shown, and if so, it can be used to detect suspicious activity.
4. Strengthen Internal Policies
Be sure to put procedures in place to confirm email requests for wire transfers and payment changes. Require in-person or phone confirmation from multiple people for all financial transactions.
Contact ASIS, LLC today if you need assistance with cyber security protections.
Information from TechRepublic: