Homeware and furniture giant IKEA has suffered a cyberattack on its internal mailboxes. IKEA has warned its employees and other associated individuals about the ongoing phishing attack asking them to stay wary of suspicious emails even from official accounts.
IKEA Mailboxes Under Phishing Attack
According to a recent report from Bleeping Computer, IKEA is suffering an ongoing phishing attack. Per the emails that the media site viewed, IKEA has warned its employees to stay cautious as the reply-chain attack targets mailboxes.
As mentioned in the emails, this attack can not only affect employees but other related individuals as well.
There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA.
IKEA has urged all employees not to open emails that include attachments and/or have URLs ending with seven digits. Instead, the recipients should report such emails to the IT department and ask the sender via Microsoft Teams chat to report too.
The company’s email filters may block some malicious emails. However, given the apparent legitimacy of the sender’s address or if the email comes as a response to a legit message, users may pull out the emails from quarantine. Therefore, IKEA has disabled this functionality to release quarantined emails for now.
Our email filters can identify some of the malicious emails and quarantine them. Due to that the email could be a reply to an ongoing conversation, it’s easy to think that the email filter made a mistake and release the email from quarantine. We are therefore until further notice disabling the possibility for everyone to release emails from quarantine
It currently remains unclear how the attack happened. Yet, Bleeping Computer notes that IKEA might have suffered an effect on its Microsoft Exchange servers as well.
Although, IKEA hasn’t explained what phishing emails may lead to. However, the media source suspects Emotet or Qbot trojan behind this attack.