Conversation hijacking doubles in 2021
Users are frequently aware of plain phishing schemes and do not open any fraudulent links or attachments, especially when they appear out of nowhere and with no context. However, conversation hijacking is an advanced type of phishing attack where fraudsters use already existing conversations to spread malware or extract money from the victims.
These attacks tend to be much more effective because the message arrives as part of an ongoing email chain, so it doesn't look as suspicious as an unexpected email that comes out of nowhere and asks you to pay an invoice or download an attachment to view supposedly important documents.
Even though conversation hijacking attacks are much less common than ordinary phishing attacks, they still happen thousands of times every month.
Analysis by Atlas VPN reveals that conversation hijacking attacks more than doubled in 2021, surging from 5,106 in Q1 2021 to 12,606 in Q4 2021, representing a growth of 147% for the period. The data for the analysis on conversation hijacking attacks was provided by Barracuda, a worldwide leader in online security.
Interestingly, the most dramatic increase happened from Q1 2021 to Q2 2021, when the volume of attacks surged by 101% in a quarter.
The volume of attacks continued to rise throughout the year but at a much slower pace.
Looking at the volume of attacks from another angle, businesses globally encountered an average of 137 conversation hijacking attacks per day in Q4 2021.
Besides effectiveness, the upward trend in advanced phishing attacks is also spurred by numerous data breaches in the past few years. In short, hackers use compromised login credentials from data breaches to access poorly secured email accounts and then carry out conversation hijacking attacks.
Ways to stop conversation hijacking
It is significantly more difficult to detect conversation hijacking than regular phishing attacks.
When fraudsters gain access to the email account of someone within the organization, it is nearly impossible to avoid some sort of damage, be it financial loss or disruption of activities.
In turn, companies should focus on preventing these types of attacks instead of thinking about how to mitigate the damage if they do happen. Mitigation is an important strategy, but it is preparation for a worst-case scenario that adequately protected enterprises should not encounter.
First off, everyone, without exception, should set up 2-FA (2-factor authentication) on all of their email accounts as well as other communication platforms that offer this security measure.
2-FA is by far the most effective way to prevent cybercriminals from using compromised credentials to access sensitive email accounts.
Besides that, even if you are lazy with your password management, the least you can do is use a different password for your email account because it’s the gatekeeper of all of your other accounts.
If you see suspicious activity on one of your social media accounts, you can simply change the password, but if your primary email account gets compromised, the damage can be substantial.