We all know that emails can’t always be trusted. From suspicious attachments to phony email addresses to the latest “Nigerian prince” scheme, you know not to believe everything you read in an email. But what about emails from people you know and trust? They wouldn’t send you malware or hack into your network, would they?
Well, they wouldn’t… But someone accessing their email address might! Hackers have realized that we’ve caught onto their schemes, including phony email addresses. And as always, cyber criminals are up to no good, identifying new ways to get around our defenses. One of those workarounds is to simply take over the legitimate email addresses of people you know, so that you think you’re talking to a trusted friend or colleague rather than a hacker.
Rather than starting a new email, these clever tricksters might dive right into the middle of a back-and-forth exchange. You’re conversing with a colleague, and then they send you a message such as: “Yeah, I agree… On that topic, check this out!” A link is attached, and you click on it because you believe it was sent by someone you know.
What actually happens is that hacker dives into the tail end of a conversation and uses your email thread to deliver a harmful link.
This “conversational hijacking” tactic has been around for a few years now and can be successful if you aren’t paying attention. A few years back, the Gozi banking Trojan virus was delivered this way, and hackers got their hands on the bank account details of numerous individuals.
So even if you know the person who sends you a link or attachment, it still doesn’t hurt to call or text them before opening it. Of course, remember to keep your security settings nice and tight. For more on that, call us at 888-RING-MY-TECH so that we can troubleshoot your system. If we spot any vulnerabilities we can help you install the right security parameters to prevent Malware and other types of attacks.
