Hijacking UK Email Accounts for Phishing

November 12, 2018

There has been a significant rise in stolen corporate email accounts that are being used in phishing attempts. This is according to a new report by security experts Barracuda.

The security firm claims that email accounts belonging to employees all over the UK are being stolen. Attackers then log in to these accounts remotely and, posing as the account’s legitimate owner, try to ‘phish’ for valuable information.

Besides phishing for valuable information, the attackers can also use their disguise to try to get the victim to click on a malicious link, which ends up downloading a piece of malware onto the victim’s machine.

What’s particularly interesting (and dangerous) about these attacks is that the victim is almost always completely unaware that the email account has been taken over and believes that the email they’re getting is legitimate.

By ensuring that people believe they’re interacting with a person they trust — perhaps someone even within the same organisation — the scammers hope victims won’t be suspicious about downloading and opening attachments they might be sent as part of the conversation. That means victims can relatively easily be tricked into downloading malware.

Now researchers at email and web security firm AppRiver have uncovered what they refer to as “an unparalleled spike” in this form of phishing attack — and a campaign is leveraging conversation hijacking to deliver the Gozi banking trojan, providing the attackers with access to the victim’s financial details and the ability to clean out their account.

The attackers begin with phishing campaigns designed to acquire the email login details of targets. Large numbers of phishing emails are sent, using lures with a variety of themes designed to trick targets into opening malicious documents and clicking on an embedded URL.

“The attacks they launch are most commonly phishing campaigns that will often go undetected by security solutions as they appear to be genuine emails,” Barracuda says.

“Over the last few weeks, we have specifically been seeing a large number of mass phishing campaigns that use legitimate compromised accounts from UK based organizations.”

Barracuda suggests a number of security measures, including strong passwords and staying vigilant when receiving emails that might sound ‘phishy’.

