Furniture store IKEA has become the target of a new kind of cyber attack called a reply chain attack. Criminals reply to apparently previously sent emails from IKEA employees or suppliers. The scammers try to get employees to click on a malicious link. This reports BleepingComputer, which had access to internal emails warning IKEA employees’ IT teams about these fake emails.
Ikea warns employees and business partners about phishing emails. A cyber attack is underway targeting IKEA mailboxes. With fake emails, hackers try to gain access to the network or they try to install ransomware.
The Swedish furniture chain is said to have fallen victim to the so-called reply chain attack. In this new form of a cyber scam, criminals send a reply to an apparently previously sent email from IKEA employees or partners. Compromised email accounts send links to zip files. These zip files contain malicious excel files.
Cybercriminals try to trick employees into fake emails to click on the malicious link. If they click on these links, malware will be installed on the system.
Cyber-attacks have become more common in recent years. Last month, Mediamarkt was hit by a cyber attack. The difference with this cyberattack at IKEA is that a new form of cyber scam is used in which fake emails appear to come from trusted senders.
The reply chain emails are legitimate company emails sent from compromised email accounts on an internal server. Recipients will trust the emails and be more likely to click on the malicious link.
IKEA employees are advised to be extra careful. Even if they receive emails from someone they work with or from an external organization. IKEA has no details about the cyber attack. It is not clear whether the cybercriminals gained access to the furniture giant’s internal servers.
Catch up on more articles here
Follow us on Twitter here