Ikea Targeted by a New Phishing Scam

A new type of phishing attack has been uncovered after flat-pack furniture giant, Ikea, launched an internal investigation after noticing several malicious emails circulating throughout the business. Email Chain Hijacking is a new type of phishing scam that takes advantage of a weakness found in Microsoft Exchange servers.

Ikea adequately protected against the attack by encrypting all personal data. However, many other businesses remain vulnerable to this new type of attack.

What is Email Chain Hijacking?

Email Chain Hijacking is a key identifier of the prevalent SquirrelWaffle malspam campaign, which takes advantage of a vulnerability in Microsoft Exchange Servers. SquirrelWaffle malware enables cybercriminals to gain a foothold inside organisations IT systems, allowing them to deploy further system infections such as Quakbot, a well-known banking trojan.

Usually, with phishing attacks, imposter emails attempt to mimic an organisation’s emails and domain. Once an individual clicks on the link, malware is downloaded and the systems are infected. With Email Chain Hijacking, emails are sent via the organisation’s actual servers. Cybercriminals reply to existing email chains and embed malicious links or attachments within them.

Once the hacker has access to an individual’s email system, they find an email chain to use and then reroute the replies to a separate inbox, such as the trash folder. The person’s email they are using never see the replies in the email chain, which means the attack can go untracked for a long time.

This method makes it incredibly difficult for individuals to spot the phishing attack and react since emails don’t just look like they are from their colleague’s email addresses, they actually are.

How can Your Business Protect Against Email Chain Hacking?

There are a number of things to do to guard against an email chain hack. These include:

1. Ensure all email accounts use security best practices. This includes setting secure passwords and using multi-factor authentication.
2. Regularly inspect email and inbox settings. Look out for rules that weren’t created by the user that intend to filter replies into a different inbox. If you spot this, contact your IT team immediately.
3. Disable all Microsoft Office Macros where possible. Macros allow a user to personalise automatic and manual email replies and are a common vehicle of attack.
4. Ensure your business has a quality and trusted Endpoint Detection and Response (EDR) security provider in place. If an email chain hack is successful, an EDR can stop the malicious code hidden in links and attachments from being executed.
5. Increase your organisation’s knowledge with comprehensive training designed to increase their awareness of cyber-crime and their responsibilities to protect their organisation.

DeltaNet Cyber Security Collection

We provide a comprehensive collection of courses designed specifically to build awareness, knowledge, and capability to fight cyber-crime such as phishing. You can find out more here.

In addition to this, we have developed a revolutionary Phishing Simulation Tool. The tool allows organisations to test their employees’ resilience against phishing in the real world by staging simulated phishing attacks. You can send fake phishing emails to anyone and everyone in your organisation and report on performance. The Phishing Simulation Tool will make cyber risk owners aware of anyone who has failed the test, allowing for further training to be provided and increasing your organisation’s defences against phishing attacks and cybercrime.