Ikea email systems bombarded by phishing attacks

Ikea issues guidance to staff on how to spot malicious email

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Ikeais reportedly reeling under an ongoing cyberattack perpetrated throughphishingemails sent viacompromised Microsoft Exchange servers.

According toBleepingComputer, the homeware giany is alerting its employees of the campaign conducted through the classicreply-all email chain attack.

“There is an ongoing cyber-attack that is targeting Inter Ikea mailboxes. Other Ikea organizations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter Ikea,” reads the internal email sent to Ikea employees as seen byBleepingComputer.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

The email goes on to explain the modalities of the reply-all email attack, noting that phishing emails can come from co-workers, or from a third-party, in the form of a reply to an already ongoing conversation.

Hijacking internal servers

A recent investigationinto the recent SquirrelWafflemalwarecampaign bycybersecurityexperts revealed that attackers have begun using compromised internalemail serversthat were attacked using a chain of bothProxyLogonandProxyShellexploits to add legitimacy to the reply-chain email attack.

Researchers atTrendMicrodiscovered that after compromising the unpatched servers, the attackers hijack internal email chains to add malicious links in legitimate messages.

This makes the attacks difficult to detect, which is something Ikea has also shared with its employees.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Furthermore, while sharing an example of a fraudulent message, Ikea tells its employees that the malicious emails contain links with seven digits at the end. Once spotted the recipients are asked to report the email to Ikea’s IT department immediately.

Shield yourself online with thesebest identity theft protection services, and ensure your computers are protected with thesebest endpoint protection tools

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well