IKEA experiencing internal phishing attacks

As first reported by Bleeping Computer, IKEA is suffering from internal phishing attacks targeting employees. Bleeping Computer was able to obtain an internal email sent to employees that details the situation as follows:

"There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA.

This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversations. It is therefore difficult to detect, for which we ask you to be extra cautious."

Ikea went on to say this as well:

"Our email filters can identify some of the malicious emails and quarantine them. Due to that the email could be a reply to an ongoing conversation, it's easy to think that the email filter made a mistake and release the email from quarantine. We are therefore until further notice disabling the possibility for everyone to release emails from quarantine."

According to Lawrence Abrams, author of the Bleeping Computer report, the phishing emails are specifically stolen reply-chain emails. As explained by SentinelOne, email reply-chain attacks are initiated by a threat actor taking control of a legitimate account belonging to an employee. What then occurs is a "chain" of emails started by sending malicious links that, when opened, begin infecting each recipient that falls for the scheme. It is easy to fall for as it is an internal account from another employee, which makes this type of attack so dangerous.

The IKEA IT security teams handling the incident are warning employees that the reply-chain emails have specific markers. These identifiers are specifically related to the malicious links themselves, namely the fact that they always contain seven digits at the end.

IKEA has not responded to any requests from the media for comment.

Featured image: Flickr/OiMax

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist. Kortepeter specializes in areas such as cyber defense, privacy rights, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

T-mobile's recent robocall report shows massive increase in 2021

Wireless service provider T-Mobile released a new report on robocalls. The report confirms the recent…

2 days ago

Overview of PowerShell versions and how to check what version you have?

PowerShell is one of the most popular scripting languages and it is installed by default…

2 days ago

TCP vs. UDP: Understanding the Limitations

TCP and UDP are two different protocols to handle data transfer. Both have their benefits…

3 days ago

Three ways to run .exe files in PowerShell

An executable file can have hundreds of different file extensions, and ".exe" is just one…

3 days ago

How to delete files and folders using PowerShell

Do you want to delete files and folders using PowerShell? We have you covered! Read…

4 days ago

The Major Barriers to SMB Cybersecurity

Small and medium-sized businesses (SMBs) are a less resistant target for cyber attackers. This is…

4 days ago