Hijacking communications between patients and providers often allows cybercriminals to extract information and solicit payments and other actions that would cause further harm.
Thread hijacking in the context of “account updates” phishing is a tactic where attackers infiltrate an existing email conversation between a legitimate sender and recipient to distribute phishing messages. Using a compromised account, cybercriminals can slip malicious emails into ongoing threads.
A review article from the Editor’s Pick: Computer Science states, “...a phisher uses either social engineering tricks by making up scenarios (i.e., false account update, security upgrade), or technical methods (i.e., using legitimate trademarks, images, and logos)...”
Attackers send emails that often falsely alert recipients about changes or updates to an account, prompting them to click a link or open an attachment to “confirm” their information. Since these phishing emails appear in a trusted conversation thread, they’re often harder to detect and can bypass email filters designed to block suspicious messages.
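Because a hijacked reply comes from a real, compromised account, one thing a defender can still check is the content of the reply against the thread's own history. The following is an added example, not code from this article or from any vendor: a heuristic that flags a reply when it pairs an account-update lure with a link to a domain never seen earlier in that thread. The lure phrases, function names and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Lure phrases taken from the wording above; illustrative, not exhaustive.
LURE = re.compile(r"account update|update your account|confirm your information|security upgrade", re.I)
URL = re.compile(r'https?://[^\s<>"]+')

def link_domains(body):
    return {h for h in (urlparse(u).hostname for u in URL.findall(body)) if h}

def flag_thread_replies(raw_messages):
    """Return Message-IDs of replies that combine an account-update lure
    with a link to a domain not seen earlier in the same thread."""
    root_of, seen, flagged = {}, {}, []
    for raw in raw_messages:                      # assumed to be in delivery order
        msg = message_from_string(raw)
        mid = msg["Message-ID"].strip()
        parent = (msg["In-Reply-To"] or "").strip()
        is_reply = parent in root_of              # parent already seen => part of a thread
        root = root_of[mid] = root_of.get(parent, mid)
        body = msg.get_payload()
        sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
        known = seen.setdefault(root, set())
        new = link_domains(body) - known - {sender_domain}
        if is_reply and new and LURE.search(body):
            flagged.append(mid)                   # keep its domains out of the baseline
        else:
            known |= link_domains(body) | {sender_domain}
    return flagged

def _mail(mid, sender, body, parent=None):        # builds constructed sample messages
    reply = f"In-Reply-To: {parent}\n" if parent else ""
    return f"Message-ID: {mid}\nFrom: {sender}\n{reply}Subject: Visit summary\n\n{body}\n"

# Constructed thread: the third message is the hijacked reply, the fourth is benign.
SAMPLE = [
    _mail("<m1@clinic.example>", "Billing <billing@clinic.example>",
          "Your summary: https://portal.clinic.example/summary"),
    _mail("<m2@mail.example>", "Pat <pat@mail.example>", "Thanks.", "<m1@clinic.example>"),
    _mail("<m3@clinic.example>", "Billing <billing@clinic.example>",
          "Account update: confirm your information at https://clinic-portal.invalid/verify",
          "<m2@mail.example>"),
    _mail("<m4@clinic.example>", "Billing <billing@clinic.example>",
          "To update your account use https://portal.clinic.example/settings",
          "<m2@mail.example>"),
]

if __name__ == "__main__":
    print(flag_thread_replies(SAMPLE))
```

The fourth message uses lure wording but links only to a domain the thread already contained, so it is not flagged; a heuristic like this is a triage signal, not a verdict.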
HIPAA compliant email platforms like Paubox employ advanced spam filtering and threat detection that actively monitor incoming and outgoing communications for suspicious activity. In the unlikely event that an attacker infiltrates Paubox’s secure encryption, this ensures that providers are made aware of the attacker's presence and can quickly shut down systems and investigate before information is lost.
The platform also offers a trustworthy method of sending patients emails that verifies their origin from a trusted healthcare organization instead of a threat actor. This is especially valuable considering that the modus operandi of thread hijacking is based on impersonation.
A law that protects the privacy and security of patients' health information.
It's a part of the healthcare process that provides patients with autonomy in an often overwhelming sector.
They hold a wealth of sensitive information that can be used for many purposes, from ransoms to impersonation.