Cybersecurity Threat: Conversation Hijacking Shows 400% Increase

Feb 19, 2020

Cybersecurity Threat: Conversation Hijacking Shows 400% Increase

Your organization may employ the latest tools in cybersecurity. Employees are well trained, never fall victim to phishing emails. SSO (Single Sign-on) is in place, and it’s very hard for hackers to initiate account takeover. The question remains, do your partners, vendors, and other outside contacts have the same high-security posture in place?

New forms of domain-impersonation cyberattacks are on the rise. Conversation hijacking attacks are the latest threats used by cybercriminals to impersonate external senders to access private information compromised from email and other sources.

With phishing or spear-phishing attacks, the goal is a quick and decisive action. Attackers using conversation hijacking take their time reading through emails and monitor a compromised account to learn about business deals, payment information, and other organizational procedures. When the time is right, attackers will “hijack” the conversation using impersonated domains from other employees, partners, or vendors to craft convincing messages and trick victims into wiring money or updating payment information.

According to Barracuda researchers, there was a 400-percent increase in domain impersonation attacks used for conversation hijacking. An analysis of 500,000 monthly email attacks showed in July of 2019, approximately 500 conversation hijack attacks took place. That number grew to over 2,000 in November of 2019.

Domain Email Spoofing Examples:

In the following examples via Barracuda Networks, attackers are impersonating internal and external domain email addresses.

Below is an attempt to impersonate the internal email address with

In this example, attackers attempt to spoof external email addresses associated with an organization’s business partners, vendors, contractors, accountants, etc. The domain From email address is listed as, the correct domain email address associated with partner is

How to Combat Conversation Hijacking

Cybercriminals invest a lot of time, effort, and money to register an impersonating domain and hijack a conversation. Attackers will spend weeks monitoring conversations and correspondence with a potential target with a goal of wiring money, making a payment of some kind, or change payment details. In the event the original target’s account is secured, cybercriminals can proceed with an attack outside of an organization. These attacks are highly profitable and can impose serious financial damages to an organization. What can you do to combat these attacks?

End-User Training
Educate end-users about email attacks, including conversation hijacking and domain impersonation, as part of security awareness training. Phishing simulation can train users to identify cyberattacks and test the effectiveness of your training.

Use Multi-Factor Authentication
Multi-factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login, or other transaction. Multi-factor authentication provides an additional layer of security to account takeover above and beyond a username and password.

Leverage Artificial Intelligence
Cybercriminals use the latest tactics to bypass gateways and spam filters. Consider a solution that uses artificial intelligence such as Barracuda Sentinel to detect and block attacks, including account takeover and domain impersonation.

Strengthen Internal Policies
Create company standard operating procedures involving all email requests for wire transfers and payment changes. Require in-person or telephone confirmation and/or approval from multiple people for all financial transactions.

Know the Threats in Living in Your Inbox
An Email Threat Scan (ETS) can help organizations:

Have Questions?

Do you have questions about the latest in cybersecurity solutions and how to protect your organization from cyberattacks? We want to help! Visit our Contact Us page and get in touch.