My TechDecisions

Facility, Network Security

Ikea Investigates Into Internal Email Hijacking Incident

Ikea is investigating into an internal email hijacking incident on its Microsoft Exchange Server, where victims received a genuine looking "reply all" email.

Leave a Comment

IKEA EMAIL HIJACKING INCIDENT
filmbildfabrik/STOCK.ADOBE.COM

Multinational furniture maker Ikea announced it is investigating a cyber incident which took place on its Microsoft Exchange server. Malicious emails were sent around the company appearing to be a genuine “reply all” to an email chain, according to documents shared with BleepingComputer.

No customer data was compromised as result of the incident. Other Ikea businesses, partner and suppliers are said to be affected, according to BleepingComputer.

Email hijacking is a social engineering-led attack common among threat actors. The recent SquirrelWaffle malspam campaign utilized this technique where actors exploited an unpatched vulnerability in a Microsoft Exchange server to distribute a Qakbot malware payload.

An Ikea spokesperson told ITPro:

“Actions have been taken to prevent damages and a full-scale investigation is ongoing to seal and solve the issue. We take the matter very seriously as safeguarding personal data is a primary concern for Ikea. It is of our highest priority that Ikea customers, co-workers and business partners feel certain that their data is secured and handled correctly,” they added. “To ensure this, we use security technology to encrypt all personal information, including card numbers, addresses, and other information.”

Read: Top Malicious Email Phishing Techniques Used By Cybercriminals

Ikea has since told staff to be extra vigilant when monitoring their emails. The company is warning of emails that contain links with seven numbers at the end of them. The links lead to a download of a malicious Excel document, where victims are prompted to click “enable edit,” which then leads to the malicious payload.

Employees who come across these emails are being asked to report them instantly to the IT Team via Microsoft Teams so the sender’s address can be identified and blocked immediately.

Ikea says its email filters are seeing some degree of success in catching the phishing emails but couldn’t take the risk that a staffer wouldn’t mistakenly release the email from quarantine given the trusted source, according to ITPro.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

The State of Digital Signage & Video Wall Technology

Digital signs and video walls come in a variety of sizes, configurations and pixel pitches, but they share a common purpose: communicating information

Live Demo: Ensuring Excellent Hybrid Meetings Without Stressing IT Staff

Watch this live demo of AVI-SPL’s meeting room management software Symphony to learn how to ensure positive meeting outcomes and reduce the burden ...

Three Soft Skills IT Pros Need in 2022 and Beyond

Along with a deep understanding of new and emerging technologies and how to apply them to a business, IT professionals also need the requisite soft...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales