Spear phishing and business e-mail compromise (BEC) are not the only types of targeted e-mail attacks. Conversation theft, better known as conversation hijacking, is another dangerous threat.
In short, this is a scheme in which attackers insert themselves into a business e-mail conversation and pose as one of the participants. This post looks at how these attacks work and what you can do to make them less likely to succeed.
The most obvious way in is to hack the mailbox. Password brute-forcing is the most common way to hack cloud services. Attackers look for passwords associated with a given e-mail address in leaks from online services and then try them on work e-mail accounts. This is why, first, you shouldn't use the same login credentials for different services and, second, you shouldn't use your work e-mail address to sign up for sites that have nothing to do with your job. Another way to get into your e-mail is to exploit vulnerabilities in server software.
Attackers don't usually keep control of a work e-mail address for long, but they usually have enough time to download the message archive. Sometimes they set up forwarding rules in the mailbox settings so that they receive e-mail as it comes in. In that case, they can only read messages, not send them. If they could send messages, they would probably attempt a BEC attack.
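A defender can look for the forwarding rules described above by auditing an export of mailbox rules for recipients outside the organization. The following is an added example, not part of the original post; the rule field names, the `example.com` domain and the sample rules are assumptions constructed for illustration.

```python
from email.utils import getaddresses

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Assumption: field names of a hypothetical rule export; map them to
# whatever your mail platform actually reports.
FORWARD_FIELDS = ("forward_to", "redirect_to", "forward_as_attachment_to")

# Constructed sample export, not real data.
SAMPLE_RULES = [
    {"mailbox": "cfo@example.com", "name": "Invoices", "enabled": True,
     "forward_to": ["Accounts <ap@example.com>"]},
    {"mailbox": "cfo@example.com", "name": ".", "enabled": True,
     "redirect_to": ["archive <cfo.backup@mail-example.net>"]},
    {"mailbox": "sales@example.com", "name": "old", "enabled": False,
     "forward_to": ["someone@partner.example.org"]},
    {"mailbox": "hr@example.com", "name": "copy", "enabled": True,
     "forward_as_attachment_to": ["hr@EU.Example.com",
                                  "x@example.com.evil.test"]},
]


def is_internal(address, internal_domains=INTERNAL_DOMAINS):
    """True if the address is in an internal domain or one of its subdomains."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    # Compare on label boundaries so "example.com.evil.test" is not trusted.
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def external_forwards(rules, internal_domains=INTERNAL_DOMAINS):
    """Return (mailbox, rule name, field, address, enabled) per external target."""
    findings = []
    for rule in rules:
        for field in FORWARD_FIELDS:
            # getaddresses also handles the "Display Name <addr>" form.
            for _, addr in getaddresses(rule.get(field, [])):
                if addr and not is_internal(addr, internal_domains):
                    # Disabled rules are reported too: they can be re-enabled.
                    findings.append((rule["mailbox"], rule["name"], field,
                                     addr, rule.get("enabled", True)))
    return findings


if __name__ == "__main__":
    for finding in external_forwards(SAMPLE_RULES):
        print(finding)
```
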
Malware is another option. The e-mails in which the attackers planted their malicious payload most likely came from people who had been infected with the same QBot malware, which can access local message files.
But the hackers or malware operators don't always hijack conversations themselves. Message files are sometimes sold on the dark web and then used by other scammers.