Cybersecurity researchers have warned of an increase in the number of e-mail interception cases. Cybercriminals use accounts of people trusted by users and send phishing links to download malware.
Phishing attacks have been a cybersecurity issue for a long time. They range from simple attacks (the victim allegedly won a prize, and she just needs to click on the link to receive it) to targeted campaigns during which corporate emails are sent out designed for a specific purpose. For example, cybercriminals often send emails on behalf of the CEO of a company, trying to trick employees into following their boss’s orders.
But scammers are increasingly seeking to use legitimate user email accounts, intercepting current conversations to send phishing emails. Such attacks with interception of correspondence can potentially be more effective, since the source of the email is a trusted person, and the message arrives during an ongoing conversation and does not look so suspicious.
According to cybersecurity researchers from Barracuda Networks, in 2021 alone, the number of conversation interception attacks increased by almost 270%. The attacks begin by taking control of the victim’s email account, which the attackers can then use for their own purposes.
Having gained control of the account, attackers spend time reading emails and monitoring current messages in order to better understand the user’s daily activities, learn the style of communication with other contacts, as well as get information about business transactions, payment procedures and potential transactions.
Cybercriminals use the collected information to create authentic and convincing messages that appear in current conversations, inviting users to click on a malicious link or download a malicious attachment – all in the right context of the situation.
Eavesdropping attacks require more time and effort than regular phishing attacks, but for cybercriminals, patience can be extremely beneficial.
But, as in the case of other phishing attacks, users can protect themselves from this cyber threat. Strong passwords should be applied to accounts. Users should also use multi-factor authentication, creating an additional barrier of protection against cybercriminals. In addition, if there is a suspicion of password theft, it should be changed as soon as possible.