KnowBe4 Security Awareness Training Blog

What's The Best Name? ThreadJacking or Man-in-the-Inbox Attacks?

Written by Stu Sjouwerman | Apr 10, 2019 6:23:33 PM

We are seeing a new type of attack popping up more and more. Bad guys send a phishing attack and steal the credentials of your employee. But they stay under the radar and lurk for a while to understand the email traffic and the people the compromised account regularly talks to.

Next, they reply to an existing thread with a socially engineered message and attach a malicious attachment that will compromise the workstation of the recipient if they open it up.

This is a type of attack that's hard to defend against, because the email comes from a trusted source, and software layers like spam filters and DMARC do not protect against this either. You might hope that your endpoint security solution catches it, but that's not at all guaranteed either. The ideal scenario is that your employee grabs the phone and asks the sender about the attachment but we all know this does not always happen.

To catch this type of an attack, your employees need to be hyper vigilant and understand that this is something that's possible and they might get one of these attacks.

Now, here is the question:

KnowBe4 would be able to generate this type of simulated attack, but it has a potential drawback we'd like your feedback on, i.e. the amount of help desk and disruption it would cause if employees thought other employee's email account was compromised.

Is this a feature you'd like to see? Or is might this cause too much blowback? Let us know! It's a 3-question, 60-second survey. Thanks in advance! 

Here is the link to SurveyMonkey:

https://www.surveymonkey.com/r/BestNameAttack

Let's stay safe out there.

Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4, Inc.