TL;DR: 

  • What happened: In 2026, ANY.RUN researchers caught attackers replying inside a live C-suite email thread by hijacking a real contractor’s mailbox: the phishing link inside read like part of the approval flow.
    • This “conversation hijacking” was one of the first published and detailed cases this year, but it is part of a growing pattern of social engineering attacks that abuse the established trust in pre-existing email threads and chat conversations.
  • The social engineering angle: The lure carried no anomalies your filters or traditional employee awareness training simulations are built to catch.
    • The “phishing” lure was sent from a real (compromised) sender, as part of a real and previously existing email thread, referenced real policy context and leveraged real rapport.
    • The only fake thing was the link.
  • What employees can do:
    • Verify any “click, sign, or approve” request inside an active thread through a second channel (Teams or phone)
    • Treat changes to payment instructions, banking details, or sign-in flows as high-risk regardless of who they appear to come from
    • Open Microsoft sign-in from a bookmark or app, and never from links inside email
  • Check out ‘One ish, two ish: How to prevent modern phishing’ for more on the social engineering patterns that bypass traditional phishing defenses.

ANY.RUN: A compromised contractor mailbox slipped a phishing link into a live C-suite email thread

In late January 2026, researchers at ANY.RUN detonated a suspicious email that didn’t look suspicious on any surface check. It was a reply inside an active email thread among executives at a target company, discussing a document awaiting final approval. 

Original email thread written by executives, forwarding information along to expedite regular business approvals. (ANY.RUN)

The sender was a sales manager at one of their trusted contractors. The conversation was real. The relationship was real. 

Email sent from compromised vendor’s account in the real email thread (ANY.RUN)

The only thing not real was the document review link in the reply which led, through two Cloudflare Turnstile gates designed to filter out automated scanners, to a fake Microsoft login page running on the EvilProxy adversary-in-the-middle (AiTM) phishing kit.

Fake document request sent as part of the conversation hijacking phishing attack. (ANY.RUN)

ANY.RUN traced the attack to a likely compromise of the contractor’s sales manager mailbox, used to hijack the conversation from inside the active business workflow. 

By the time the message reached the executives, it had inherited seven forwards of legitimacy.

ANY.RUN’s case is one of a broader “conversation hijacking” social engineering attack trend

While ANY.RUN linked the incident to a broader EvilProxy campaign active since December 2025, attackers have been trying to interrupt pre-existing conversations across platforms:

  • Okta’s threat intelligence team has been tracking a related EvilProxy operation (which they call O-UNC-035) since March 2025, with target sectors spanning Finance, Government, Healthcare, and Technology. 
  • Sublime Security’s 2026 Email Threat Research Report found that thread hijacking and fake threads now make up 28.1% of all BEC attacks, surpassing traditional cold-email BEC for the first time. 
  • Abnormal has been documenting a related pattern they call multi-persona attacks where multiple attackers coordinate on the same hijacked thread to build a chorus effect.

The mechanic at the center of all of these: the message arrived from a sender the recipient already trusted, sitting inside a conversation the recipient already trusted, asking for an action the recipient was already expecting to take.

That’s the attack pattern, but the interesting part is what conversation hijacking means for your defenses.

How conversation hijacking and multi-persona attacks get past traditional controls

If you tried to stop the ANY.RUN attack with the security stack most organizations have in place today, here’s what would happen:

  • Email filters would pass it.
    • The sender domain is legitimate, SPF/DKIM/DMARC validates cleanly, there’s no malicious attachment, and the body matches the linguistic patterns of the prior thread.
  • URL reputation tools would shrug.
    • The domain is fresh, the page is gated behind Cloudflare Turnstile (which blocks most automated crawlers from rendering the phishing content), and only a real human interaction reveals the fake Microsoft login at the end.
  • Multi-factor authentication would fail to protect the user.
    • EvilProxy is an AiTM phishing kit, meaning it proxies the real Microsoft login flow in real time (including the legitimate MFA prompt) and captures the post-MFA session token, not just the password. 
    • SMS codes, push approvals, and authenticator app codes all get harvested along with everything else. 
    • Even phishing-resistant authentication is countered with
  • “Spot the phish” training would have nothing to spot.
    • No domain mismatch, no sender misspelling, no urgency language, no “Dear Customer,” no out-of-place formatting. 
    • The lure looks like every other legitimate reply in the thread, because the attacker writing it had access to every other legitimate reply in the thread and could model the fraudulent message on them.
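Because every per-message signal in this lure is genuine, the only place left to look is the thread itself: which link domains the conversation has already used, whether the new link is paired with review or sign-in wording, and how long the replying participant had been silent. The script below is an added illustration of that thread-context triage, not ANY.RUN's tooling or code from the original post; the messages, sender addresses, domains, allow-list and scoring weights are all constructed for the example.

```python
"""
Thread-context triage for reply-in-thread phishing (added example, constructed data).

Email filters score each message on its own; conversation hijacking survives
that because the sender, authentication results and wording are all genuine.
This script instead scores a reply against the thread it arrived in:
  - link domains that never appeared earlier in the thread
  - a link paired with review / sign-in / approve wording
  - a reply from a participant who has been silent for a long stretch
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Hypothetical allow-list: domains this organization expects in approval flows.
KNOWN_GOOD_DOMAINS = {"sharepoint.com", "docusign.net", "example-corp.com"}


@dataclass
class Message:
    sender: str
    sent_at: datetime
    body: str


@dataclass
class Finding:
    index: int
    sender: str
    reasons: list = field(default_factory=list)
    score: int = 0


def registrable_domain(url: str) -> str:
    """Crude 'last two labels' domain; a real deployment would use a public-suffix list."""
    host = urlparse(url).hostname or ""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def link_domains(body: str) -> set:
    return {registrable_domain(u) for u in URL_RE.findall(body)}


def score_thread(thread, silence_threshold=timedelta(days=7)):
    """Return one Finding per message, scored against everything earlier in the thread."""
    seen_domains = set()
    last_seen = {}  # sender -> timestamp of their previous message
    findings = []
    for i, msg in enumerate(thread):
        f = Finding(index=i, sender=msg.sender)
        domains = link_domains(msg.body)

        # A domain the thread has never used before, and that we do not already trust.
        new_domains = domains - seen_domains - KNOWN_GOOD_DOMAINS
        if new_domains:
            f.reasons.append(f"new link domain(s) in thread: {sorted(new_domains)}")
            f.score += 3

        # Document-review / sign-in wording attached to a link is the lure shape.
        if domains and re.search(r"\b(review|sign in|log in|approve)\b", msg.body, re.I):
            f.reasons.append("link paired with review/sign-in wording")
            f.score += 1

        # A participant resurfacing after a long gap, now carrying a link.
        prev = last_seen.get(msg.sender)
        if prev and msg.sent_at - prev > silence_threshold and domains:
            gap = (msg.sent_at - prev).days
            f.reasons.append(f"sender silent for {gap} days, now sends a link")
            f.score += 2

        seen_domains |= domains
        last_seen[msg.sender] = msg.sent_at
        findings.append(f)
    return findings


def flagged(thread, threshold=3):
    """Messages that cross the review threshold (constructed weights, tune to taste)."""
    return [f for f in score_thread(thread) if f.score >= threshold]


# Constructed sample thread modelled on the pattern described above (not the real capture).
T0 = datetime(2026, 1, 5, 9, 0)
SAMPLE_THREAD = [
    Message("cfo@example-corp.com", T0,
            "Forwarding the MSA for final sign-off. Draft is at "
            "https://example-corp.sharepoint.com/sites/legal/msa-v3"),
    Message("vendor.sales@contractor-example.com", T0 + timedelta(days=1),
            "Thanks, we are aligned on the redlines."),
    Message("ceo@example-corp.com", T0 + timedelta(days=2),
            "Approved on our side once legal confirms."),
    Message("vendor.sales@contractor-example.com", T0 + timedelta(days=16),
            "Please review the updated document for approval: "
            "https://docs-review-portal.example/review/msa"),
]

if __name__ == "__main__":
    for f in flagged(SAMPLE_THREAD):
        print(f"message #{f.index} from {f.sender}: score {f.score}")
        for r in f.reasons:
            print("  -", r)
```

Only the last reply is flagged: its domain is new to the thread, it pairs the link with "review ... approval" wording, and the vendor contact had been silent for 15 days. The three earlier messages, including the executive's own SharePoint link, score zero, which is the point: the decision rests on thread history rather than on anything inside the single message.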

What gets exploited here isn’t a vulnerability in any tool. It’s the trust your tools assume already exists between people who have been in a thread together for weeks. 

Email security stacks were built to evaluate messages. Thread hijacking attacks the relationships around the messages.

That’s why this is a human-layer problem, and it’s the same reason our other emerging threat bulletins share the same shape, including:

Each attack is engineered to walk straight through the controls and land directly on the person.

Employees most at-risk of conversation hijacking attacks

Conversation hijacking and multi-persona attacks target people based on what’s in their inbox, not their job title. However, some workflows make people far more exposed than others. The cohorts below combine role, workflow, and access in ways that make this attack particularly dangerous.

Vulnerable employee cohorts to conversation hijacking and multi-persona attacks | Details
--- | ---
Contract approval workflow signatories | X
Executives and their assistants | Sit at the convergence of vendor relationships, document approval, and broad-blast-radius credentials. EAs especially are a soft spot: they handle volume on the exec’s behalf and often have delegated mailbox access (and all of their passwords and saved signatures).
Procurement and sourcing | In daily, multi-thread contact with vendor mailboxes. They are who attackers want to compromise on the vendor side, and who attackers want to reach on the customer side.
Finance and accounting, especially AP | The change-of-banking-details pretext is the most common monetization path for VEC. AP teams seeing a “we’ve updated our banking info” reply inside a real invoice thread are the highest-value target group in the workflow.
Legal and compliance teams handling contract execution | Live inside document-approval email threads constantly. Reflexive behavior is to click and review.
Executives | X
Breached credentials or weak MFA | The EvilProxy kit behind the conversation hijacking attacks documented by Okta and ANY.RUN specifically defeats SMS/push/TOTP MFA, so anyone in this combination is at sharply elevated risk.

How employees can refuse to engage with conversation hijacking attempts

Because there are no traditional red flags inside the lure, defending against thread hijacking is mostly about workflow discipline, not pattern recognition:

  • Verify out-of-band any time a request to click, sign, approve, or transfer money shows up inside an existing thread. A 30-second chat message or phone call to the real sender breaks the attack.
    • This action is particularly important around document review, payment changes, or login flows.
  • Treat banking detail changes as inherently high-risk regardless of source, thread context, or urgency. 
    • Use a dedicated, separately-verified channel for any change to payment instructions.
  • Open Microsoft sign-in from a bookmark or app, not from links inside email, even when the email is from someone you trust. 
    • This single behavioral habit defeats most AiTM credential phishing, because the proxy URL never gets visited even if the phishing message was convincing enough to make someone take action right away!
  • Pay attention to reply timing in active threads. A vendor contact who’s been quiet for two weeks suddenly replying with a new link, and especially after a forwarded chain, is worth a 30-second pause to verify.
  • Report anything that “feels off in context you can’t quite explain.” Thread hijacking gets caught more often by gut feel than by any specific red flag. 
    • From the security team’s side, we should continue making user reporting as frictionless as possible.
    • Wherever feasible, user reports should be treated as high-signal, especially from individuals involved with money or strategic operational processes or from users who have previously spotted real phishing attempts.
  • Report financial fraud to IC3 if a payment goes through to a fraudulent account.

Want a deeper read on the social engineering patterns behind supply-chain attacks like this one? Check out One ish, two ish: How to prevent modern phishing for more on how to spot modern phishing lures that bypass traditional security controls and defenses.