Cybercriminals are clever and always find new ways to rip you off. Data breaches, ransomware and phishing scams are constantly making headlines.
We report on these attacks because it’s important to know what criminals are up to and how to stop them.
Now there is a new threat you need to be aware of. It’s called “conversation hijacking,” and the number of attacks has dramatically increased in recent months.
Why conversation hijacking is a real threat
Conversation hijacking is a way for cybercriminals to steal sensitive information and money; they just do it in a more personalized way.
It’s when crooks insert themselves into existing conversations or create new ones at your place of business. They sometimes prep for these conversations by taking over an account within the company and reading through emails to understand business operations.
The whole point is to send convincing messages and pose as coworkers, your boss or HR. They do this to trick employees into wiring money or changing payment information so it goes to the scammer.
Security company Barracuda recently reported a huge jump in the number of these types of attacks. They increased by 400% from July 2019 to November 2019.
How to stay safe
Once a criminal has stolen personal information about employees, one possible outcome is identity theft. With the right information, they can sign up for credit accounts in your name among other things.
For more ways to protect against conversation hijacking, Barracuda offered the following suggestions:
- Make sure employees are trained to recognize and report attacks – Educate users about email attacks, including phishing scams, conversation hijacking and domain spoofing.
- Use 2FA to prevent account takeovers – Since conversation hijacking can result from account takeovers, it’s a good idea to use two-factor authentication (2FA) on all of your accounts.
- Monitor inbox rules, account logins and domain registrations – Use technology to identify suspicious activity, including logins from unusual locations and IP addresses.
- Incorporate artificial intelligence – Companies should be using artificial intelligence programs to detect and block email attacks.
- Have strong internal policies – Help employees avoid making costly mistakes by creating guidelines and putting procedures in place to confirm all email requests for wire transfers and payment changes. Require in-person or telephone confirmation and/or approval from multiple people for all financial transactions.
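For readers who run a company mail system, the suggestion above to monitor inbox rules, account logins and domain registrations can be automated. The Python below is an added example, not code from Barracuda or the original article; the record layouts, the example.com domain, the list of folders and the sample data are all assumptions constructed for illustration.

```python
# Added example: constructed records in a hypothetical layout, not a vendor API.
OWN_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
# Assumption: folders users rarely open, so mail moved there goes unnoticed.
QUIET_FOLDERS = {"rss feeds", "deleted items", "junk email", "archive"}
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, own=OWN_DOMAIN):
    """True when a newly registered domain is not ours but is within one
    edit of it after folding digit and 'rn' substitutions."""
    d = domain.lower().rstrip(".")
    if d == own:
        return False
    fold = lambda s: s.translate(FOLD).replace("rn", "m")
    return edit_distance(fold(d), fold(own)) <= 1

def rule_findings(rule, own=OWN_DOMAIN):
    """Reasons an inbox rule should be reviewed (empty list if none)."""
    reasons = []
    for addr in rule.get("forward_to", []):
        if addr.rsplit("@", 1)[-1].lower() != own:
            reasons.append("forwards to external address " + addr)
    if rule.get("delete") or rule.get("move_to", "").lower() in QUIET_FOLDERS:
        reasons.append("hides matching mail from the mailbox owner")
    return reasons

def new_country_logins(logins):
    """Logins from a country not seen earlier for that user (time-ordered input)."""
    seen, flagged = {}, []
    for ev in logins:
        known = seen.setdefault(ev["user"], set())
        if known and ev["country"] not in known:
            flagged.append(ev)
        known.add(ev["country"])
    return flagged

# Constructed sample data
RULES = [{"name": "invoices", "forward_to": ["ap@example.com"]},
         {"name": ".", "forward_to": ["drop@mailbox.test"], "move_to": "RSS Feeds"}]
LOGINS = [{"user": "amy", "country": "US"}, {"user": "amy", "country": "US"},
          {"user": "amy", "country": "NZ"}]
```

A finding from any of these checks is a reason to look closer, not proof of an attack: people travel, and some external forwarding is legitimate.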
Since these attacks are becoming more common, everyone needs to know what to look for and how to stay protected. Share this story with friends and family so they know what’s going on, too.