My TechDecisions

Facility, Network Security

Ikea Investigates Into Internal Email Hijacking Incident

Ikea is investigating into an internal email hijacking incident on its Microsoft Exchange Server, where victims received a genuine looking "reply all" email.

Leave a Comment

IKEA EMAIL HIJACKING INCIDENT
filmbildfabrik/STOCK.ADOBE.COM

Multinational furniture maker Ikea announced it is investigating a cyber incident which took place on its Microsoft Exchange server. Malicious emails were sent around the company appearing to be a genuine “reply all” to an email chain, according to documents shared with BleepingComputer.

No customer data was compromised as result of the incident. Other Ikea businesses, partner and suppliers are said to be affected, according to BleepingComputer.

Email hijacking is a social engineering-led attack common among threat actors. The recent SquirrelWaffle malspam campaign utilized this technique where actors exploited an unpatched vulnerability in a Microsoft Exchange server to distribute a Qakbot malware payload.

An Ikea spokesperson told ITPro:

“Actions have been taken to prevent damages and a full-scale investigation is ongoing to seal and solve the issue. We take the matter very seriously as safeguarding personal data is a primary concern for Ikea. It is of our highest priority that Ikea customers, co-workers and business partners feel certain that their data is secured and handled correctly,” they added. “To ensure this, we use security technology to encrypt all personal information, including card numbers, addresses, and other information.”

Read: Top Malicious Email Phishing Techniques Used By Cybercriminals

Ikea has since told staff to be extra vigilant when monitoring their emails. The company is warning of emails that contain links with seven numbers at the end of them. The links lead to a download of a malicious Excel document, where victims are prompted to click “enable edit,” which then leads to the malicious payload.

Employees who come across these emails are being asked to report them instantly to the IT Team via Microsoft Teams so the sender’s address can be identified and blocked immediately.

Ikea says its email filters are seeing some degree of success in catching the phishing emails but couldn’t take the risk that a staffer wouldn’t mistakenly release the email from quarantine given the trusted source, according to ITPro.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ