Problem scenario
You have heard the term "threadjacking" in different contexts. What does it mean?
Answer
The word "threadjack" can have different meanings. It can be a netiquette issue, a cybersecurity issue, or both.
Threadjacking can refer to the practice of responding to an email thread or website posting to change the topic. This type of threadjacking has no security implications. Starting a new email thread or website posting is the polite way to introduce a new topic.
The term "threadjacking" can also refer to intercepted emails where someone joins the discussion and pretends to be someone else. The bad actor's ruse can draw on the content of the discussion. The bad actor can steal data from responses or distribute malware. The historic email thread gives the victim confidence that the bad actor is a legitimate source. This type of threadjacking is a man-in-the-middle attack or a type of spear phishing. (See https://www.dictionary.com/browse/spear-phish for more information.)
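For defenders, the pattern described above (someone new joining an existing thread while posing as a participant) leaves traces in the message headers. The following is an added example, not part of the original answer: a small Python check over a constructed sample thread. The function name, the sample addresses and the placeholder domains are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def build(**headers):
    # Helper (hypothetical): turn keyword arguments into a raw RFC 5322 message.
    return "".join(f"{k.replace('_', '-')}: {v}\n" for k, v in headers.items()) + "\nbody\n"

# Constructed sample thread with placeholder domains, not real traffic.
SAMPLE = [
    build(Message_ID="<1@example.com>", From="Ana Ruiz <ana@example.com>",
          To="Bo Lee <bo@example.org>", Subject="Invoice 17"),
    build(Message_ID="<2@example.org>", In_Reply_To="<1@example.com>",
          From="Bo Lee <bo@example.org>", To="Ana Ruiz <ana@example.com>"),
    build(Message_ID="<3@example.net>", In_Reply_To="<2@example.org>",
          References="<1@example.com> <2@example.org>",
          From="Ana Ruiz <ana@example.net>", To="Bo Lee <bo@example.org>",
          Reply_To="billing@example.net",
          Content_Disposition='attachment; filename="inv.zip"'),
]

def flag_thread_intruders(raw_messages):
    """Return {message_id: [reasons]} for replies whose sender was never on the thread."""
    thread_of, people, findings = {}, {}, {}
    for raw in raw_messages:
        m = message_from_string(raw)
        mid = m.get("Message-ID", "").strip()
        name, sender = parseaddr(m.get("From", ""))
        refs = f"{m.get('References', '')} {m.get('In-Reply-To', '')}".split()
        root = next((thread_of[r] for r in refs if r in thread_of), None)
        known = people.setdefault(root or mid, {})  # address -> display name
        reasons = []
        if root and sender.lower() not in known:
            reasons.append("sender address not previously on thread")
            if name and name.lower() in {n.lower() for n in known.values()}:
                reasons.append("display name copies an existing participant")
            reply_to = parseaddr(m.get("Reply-To", ""))[1].lower()
            if reply_to and reply_to not in known:
                reasons.append("Reply-To leads outside the thread")
            if any(p.get_content_disposition() == "attachment" for p in m.walk()):
                reasons.append("carries an attachment")
        thread_of[mid] = root or mid
        if reasons:
            findings[mid] = reasons  # flagged senders are not learned as participants
        else:
            fields = m.get_all("From", []) + m.get_all("To", []) + m.get_all("Cc", [])
            for n, a in getaddresses(fields):
                known.setdefault(a.lower(), n)
    return findings
```

These header checks only catch a new address joining the thread. A reply sent from a participant's own hijacked account, as the quotes below describe, keeps the known address and will not be flagged.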
For more information, see the following quotes:
A new method that phishers are using is a twisted form of threadjacking.
https://www.graphus.ai/blog/email-security-trends-for-2021/
…
if a spam email comes from someone a user knows, that email has a higher chance of reaching that user’s inbox because spam filters will consider the message as valid. This is why threat actors are hijacking people’s accounts to send spam emails.
Another risk is thread-jacking, where employee email accounts are hijacked and malware is spread by responding within specific conversation threads, making it more likely individuals will open a link or attached file, according to Pratt.
https://www.cybersecuritydive.com/news/infosec-security-for-productivity-hp-wolf/606296/
What's The Best Name? ThreadJacking or Man-in-the-Inbox Attacks? …Bad guys send a phishing attack and steal the credentials of your employee. But they stay under the radar and lurk for a while to understand the email traffic and the people the compromised account regularly talks to.
Next, they reply to an existing thread with a socially engineered message and attach a malicious attachment that will compromise the workstation of the recipient if they open it up.
https://blog.knowbe4.com/whats-the-best-name-threadjacking-or-man-in-the-inbox-attacks