Conversation-hacking is a new phishing technique where hackers infiltrate an existing email thread and pose as someone else in the conversation, such as a CEO, assistant or other employee, according to ZDNet.
Hackers use previously compromised credentials to exploit the email threads. The goal behind conversation-hacking is to gain trust with the business before targeting it for money or installing malware.
"Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves," said Don Maclennan, senior vice president of engineering and product at Barracuda Networks, to ZDNet.
While this phishing technique is new and relatively rare, it made waves last year. Between July and November 2019, conversation-hacking instances increased more than 400 percent, according to research from Barracuda Networks.
"These attacks are highly personalized, including the content, and therefore a lot more effective. They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or acquisition," said Olesia Klevchuck, senior product manager for email security at Barracuda Networks, to ZDNet.
Hospital employees should double-check email addresses that come from domains slightly different from the ones they expect. Additionally, employees should be cautious if they get sudden demands for payments.
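The domain check described above can be automated on the mail side. The following is an added example, not code from the article or from Barracuda Networks: it flags senders in a thread whose domain is close to, but not the same as, a domain already trusted in that conversation. The domains, the sample thread and the distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Lower-cased domain of a From header, or '' if there is no address."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify_sender(from_header, trusted, max_distance=2):
    """Return (verdict, domain): known, lookalike, unknown or invalid."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("known", domain)
    # Nearest trusted domain; a near miss is the "slightly different" case.
    best = min(((edit_distance(domain, t), t) for t in trusted), default=None)
    if best and best[0] <= max_distance:
        return ("lookalike", best[1])
    return ("unknown", None)

def review_thread(from_headers, trusted):
    """(index, sender domain, imitated domain) for each lookalike sender."""
    hits = []
    for i, header in enumerate(from_headers):
        verdict, imitated = classify_sender(header, trusted)
        if verdict == "lookalike":
            hits.append((i, sender_domain(header), imitated))
    return hits

# Constructed sample data (reserved .example names, not from the article).
TRUSTED = {"stmarys-health.example", "medsupply.example"}
THREAD = [
    "Dana Lee <dana.lee@stmarys-health.example>",
    "Accounts <billing@medsupply.example>",
    "Accounts <billing@medsuppIy.example>",   # capital I in place of l
    "Accounts <billing@rnedsupply.example>",  # "rn" in place of m
]

if __name__ == "__main__":
    for hit in review_thread(THREAD, TRUSTED):
        print("lookalike sender: message %d, %s imitates %s" % hit)
```

A fixed edit-distance threshold produces false positives on very short domains, so a deployment would tune it against its own list of partner domains.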