This summer, Business Email Compromise (BEC) attacks were rampant. These attacks have the potential to cause major financial and/or reputation damage. One of the most harmful types of BEC attacks is thread hijacking, which involves the infiltration and manipulation of ongoing email conversations for fraudulent purposes. In this blog we look at real-life examples of thread hijacks, caught by our Advanced Threat Prevention platform before they could cost our customers over $1,951,000! 

What is Thread Hijacking?

Thread hijacking attacks exploit the trust established within an email conversation. Cybercriminals gain unauthorized access to an existing email thread, usually by compromising one of the participants’ email accounts. This usually begins by a user falling for a phishing campaign and then becoming the victim of an account takeover attack (ATO) once the attacker gains access to the account with stolen credentials. 

Once inside the mailbox, the attacker will monitor the victim’s email conversations and wait for the right opportunity to make a move. When an attacker identifies a relevant conversation, they jump into the thread by sending fraudulent messages. Attackers often impersonate one of the legitimate participants in the thread, like a colleague, superior, or vendor. 

Once inside the thread, they subtly manipulated the conversation, introducing fraudulent content or changing transaction details to divert funds or sensitive information to their accounts. Attackers rely on the trust built within the thread, making it challenging for participants to recognize the manipulation, as the emails seem to come from trusted sources. 

Now that we know what thread hijacking is, let’s take a look at some sophisticated examples that were prevented by Perception Point before they could cause any harm to our customers.