Email Hi-jacking

Man in the Middle

Who's listening in on your conversations?

We are seeing increased activity around email account compromises and the subsequent hi-jacking of these accounts. Once an account is infiltrated, hackers are able to eavesdrop on communications (for example by BCCing all emails to an account they control, or by reading the mailbox directly through its webmail platform). With the infiltrated account a hacker can also send spoof emails, messages that appear legitimate, requesting everything from money transfers and bill payments to financial data and passwords. These emails often target the hacked account's customers, suppliers and the business's senior management.

These attacks are often termed man in the middle: essentially, the attack requires only that the hacker place him- or herself between two parties who are trying to communicate. The hacker is then able to intercept and control the conversation, impersonating at least one of the parties (and, in more and more instances, both).

In addition to this style of attack, address books are often harvested and added to mailing lists for the subsequent distribution of spam, viruses and malicious links.

How can you identify that your account has been compromised or that you have been subject to such an attack?

Sometimes this can be very difficult to detect unless you are running some sort of intrusion detection system across your mail services. Such a system should be able to readily detect unauthorised access to an account (e.g. a login from a remote North African country in the middle of the night).

For those of you who haven't got such a service in place, there are a few telltale signs:
1. Often you will need to wait until the hacker makes a misstep, or until you are alerted by a colleague or another impacted person;
2. If you receive a significant number of bounce-backs into your email account, it could mean that the account has been used for spam purposes;
3. You lose access to your account and require a password reset.
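
The kind of check an intrusion detection system would run over mail-service logs, covering the three signs discussed above (a login from an unexpected country or at an unusual hour, a new mailbox rule that BCCs or forwards mail elsewhere, and a burst of bounce-backs), as an added example that is not part of the original post. The log format, field names, home-country list, business hours, bounce threshold and all sample events are constructed assumptions for illustration; a real mail platform's audit log will differ.

```python
"""Toy detector for signs of a hi-jacked mailbox.

Added example, not from the original post. The log format below is an assumption:
one event per line, "<ISO timestamp> <user> <event> <detail>", where event is
one of login (detail = ISO country code), rule_added (detail = the rule) or
bounce (detail = free text).
"""
from collections import defaultdict
from datetime import datetime

HOME_COUNTRIES = {"GB"}          # assumed: where this organisation's staff normally log in from
BUSINESS_HOURS = range(7, 20)    # assumed: 07:00-19:59 local time
BOUNCE_THRESHOLD = 20            # assumed: bounces per user before we alert

# Constructed sample log: a normal user, a night-time login from abroad followed
# by a BCC rule, and a user whose mailbox suddenly receives many bounce-backs.
SAMPLE_LOG = "\n".join(
    [
        "2024-03-04T09:12:00 alice login GB",
        "2024-03-04T17:40:00 alice login GB",
        "2024-03-05T02:17:00 alice login MA",
        "2024-03-05T02:19:00 alice rule_added bcc:attacker@example.net",
        "2024-03-05T08:00:00 bob login GB",
    ]
    + [f"2024-03-05T08:{i:02d}:00 carol bounce undeliverable" for i in range(25)]
)


def parse_line(line):
    """Split one log line into (timestamp, user, event, detail)."""
    ts, user, event, detail = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, event, detail


def analyse(log_text):
    """Return a list of alert dicts for the suspicious events found in log_text."""
    alerts = []
    bounces = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, detail = parse_line(line)
        if event == "login":
            reasons = []
            if detail not in HOME_COUNTRIES:
                reasons.append(f"login from unexpected country {detail}")
            if ts.hour not in BUSINESS_HOURS:
                reasons.append(f"login outside business hours ({ts:%H:%M})")
            if reasons:
                alerts.append({"user": user, "time": ts, "reason": "; ".join(reasons)})
        elif event == "rule_added" and detail.startswith(("bcc:", "forward:")):
            # A rule that silently copies or redirects mail is the eavesdropping set-up
            # described in the post, so it is worth an alert on its own.
            alerts.append({"user": user, "time": ts, "reason": f"mailbox rule redirects mail: {detail}"})
        elif event == "bounce":
            bounces[user] += 1
            if bounces[user] == BOUNCE_THRESHOLD:
                alerts.append({"user": user, "time": ts,
                               "reason": f"{BOUNCE_THRESHOLD} bounce-backs received; account may be sending spam"})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(f"{alert['time']:%Y-%m-%d %H:%M} {alert['user']}: {alert['reason']}")
```

Run against the constructed log this raises three alerts: alice's 02:17 login from outside the home country and outside business hours, the BCC rule created two minutes later, and carol reaching the bounce threshold. The thresholds are deliberately simple; a production system would baseline each user's normal countries and hours rather than use one fixed list.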

So what can be done about these styles of attacks?

1. Change your password on a regular basis and make sure that the password you are using isn't reused on multiple services;
2. Look at setting up multi-factor authentication on your account (assuming your mail provider supports such a service);
3. Ensure your staff are aware of their own security and vigilant about what people are asking for in emails. Spoofed emails often look very legitimate and can easily fool those who are not sure what to look for!
4. Ensure that you have good, up-to-date protection on the devices you use to access websites and email.