Email thread hijacking
Stop malicious emails that hijack legitimate conversations to deliver fraud or malware, bypassing traditional defenses.
Attackers exploit legitimate email threads
In thread hijacking, attackers insert malicious messages into legitimate email conversations, often using leaked content to create fake replies or forwards from trusted sources. In advanced cases, they may compromise actual email accounts to increase credibility.
Unlike traditional phishing, thread hijacking targets specific individuals or groups, and the malicious messages blend into the existing conversation, which makes them harder to detect. Because recipients are more likely to trust and act on these messages, the attack is particularly dangerous for organizations.
How xorlab detects and blocks email thread hijacking
xorlab proactively detects and blocks email thread-hijacking attacks, even when they use leaked or compromised email content to appear legitimate. It provides real-time analysis of email content, attachments, and links, recognizing suspicious elements that deviate from the expected norms of legitimate communication threads.
The xorlab Security Platform blocks these hijacked emails before they reach the users' inboxes.
Email thread hijacking techniques and characteristics
Hijacked threads
Attackers insert malicious messages into active email threads using leaked content or compromised accounts.
Impersonation
Attackers mimic trusted senders by replying to real email threads, making the message seem legitimate.
Fake display names
Display names often include the spoofed sender’s address or name to imitate a trusted contact.
Increased trust
Recipients are more likely to fall for these attacks as the emails reference real topics within ongoing conversations.
Obfuscation
Malicious links or attachments are often hidden in normal-looking email responses, making them harder to detect.
Targeted
These attacks target specific individuals or groups, using thread context to increase their success rate.
Within the MITRE ATT&CK® Matrix, email thread hijacking maps best to two techniques: Phishing for Information, under the Reconnaissance tactic, and Phishing, under the Initial Access tactic.
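The characteristics listed above can be turned into simple header checks. The following is an added example, not xorlab's detection logic: the function name, the signal names and the known_threads store (Message-ID to the addresses already seen in that thread) are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
REPLY_SUBJECT = re.compile(r"\s*(re|fwd?)\s*:", re.IGNORECASE)

# Constructed sample data: one known thread and one message replying into it.
KNOWN_THREADS = {"<m1@corp.example>": {"alice@corp.example", "bob@corp.example"}}
SAMPLE_HIJACK = (
    'From: "Alice Meyer alice@corp.example" <billing@lookalike.example>\n'
    "To: bob@corp.example\n"
    "Subject: Re: Q3 invoice\n"
    "In-Reply-To: <m1@corp.example>\n"
    "\n"
    "Please see the updated invoice.\n"
)

def thread_hijack_signals(raw, known_threads):
    """Return heuristic thread-hijacking signals for one raw message.

    known_threads is a hypothetical store a mail gateway would maintain:
    Message-ID -> set of lower-cased addresses seen in that thread.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    signals = []

    # Fake display name: the name embeds an address other than the real sender.
    embedded = {a.lower() for a in ADDR_IN_NAME.findall(name)}
    if embedded and addr not in embedded:
        signals.append("display_name_address_mismatch")

    # Hijacked thread: reply into a known thread from an address never seen in it.
    refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
    participants = set()
    for ref in refs:
        participants |= known_threads.get(ref, set())
    if participants and addr not in participants:
        signals.append("new_sender_in_known_thread")

    # Fake reply or forward: reply-style subject with no threading headers.
    if REPLY_SUBJECT.match(msg.get("Subject", "")) and not refs:
        signals.append("reply_subject_without_thread_headers")
    return signals

if __name__ == "__main__":
    print(thread_hijack_signals(SAMPLE_HIJACK, KNOWN_THREADS))
```

These signals are heuristics for triage and scoring; a message from a compromised real account in the thread would raise none of them and needs content, link and attachment analysis.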