Cybercriminals Targeting IKEA Employees With Phishing Attacks

Furniture retail giant IKEA is allegedly under an ongoing cyber attack in which hackers are targeting the email inboxes of Inter IKEA employees. Inter IKEA is the holding company for IKEA.

On Friday, BleepingComputer released a report claiming that IKEA is currently battling an ongoing cyber attack. In the report, the technology news website claims to have access to an internal IKEA message sent to employees warning them of the cyber attack.

The alleged internal IKEA email.
Source: BleepingComputer

The message states that Inter IKEA mailboxes and those belonging to other IKEA organizations, IKEA suppliers, and its business partners have been compromised and that malicious emails are being spread from within.

Warning IKEA employees of the deceptiveness of the malicious emails, the message goes on to explain that “the attack can come via email from someone that you work with, from any external organisation, and as reply to an already ongoing conversation.” This means that it can be exceptionally difficult to tell one of the malicious emails apart from a legitimate one.

The nature of the cyber attack

The type of cyber attack described in the message is called an email reply chain attack. Generally, an email reply chain attack happens when a hacker gains access to somebody’s email account, monitors an ongoing conversation between them and the victim, and waits for the perfect opportunity to send an email of their own, posing as the person behind the compromised email account.

The cybercriminal’s email will fit the context of the conversation and it will almost always contain malicious links. Because there is a level of trust between the two parties, the victim is significantly more likely to click on the malicious links than they would be if the links appeared to come from an unknown person.

It seems that IKEA is allegedly dealing with an email reply chain attack, just on a much larger scale than is normally seen.
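One way a mail team could triage replies of the kind described above, shown as an added example that is not from BleepingComputer's report or IKEA's message: flag a threaded reply whose new text links to a host that never appeared in the quoted conversation. It assumes plain-text bodies with ">" quoting; the function names, the `known_hosts` allowlist and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>]+")

def link_hosts(text):
    """Lower-cased hostnames of every http(s) URL found in text."""
    urls = (u.rstrip(".,;)") for u in URL_RE.findall(text))
    return {urlparse(u).hostname for u in urls} - {None}

def split_reply(body):
    """Split a plain-text body into (new text, '>'-quoted history)."""
    new, quoted = [], []
    for line in body.splitlines():
        (quoted if line.lstrip().startswith(">") else new).append(line)
    return "\n".join(new), "\n".join(quoted)

def review_reply(raw, known_hosts=frozenset()):
    """Hosts linked in the new part of a threaded reply that neither the
    quoted conversation nor the allowlist contains (empty set: nothing to flag)."""
    msg = message_from_string(raw)
    if not (msg.get("In-Reply-To") or msg.get("References")):
        return set()  # not a reply inside an existing conversation
    new, quoted = split_reply(msg.get_payload())
    return link_hosts(new) - link_hosts(quoted) - set(known_hosts)

# Constructed sample messages (not taken from the incident).
SAMPLE_HIJACKED = """\
From: colleague@supplier.example
Subject: Re: Q4 delivery schedule
In-Reply-To: <msg-001@supplier.example>

Please see the updated file: https://cdn.unrelated.example/files/schedule.zip

> The schedule is on our portal:
> https://portal.supplier.example/schedule
"""
SAMPLE_BENIGN = """\
From: colleague@supplier.example
Subject: Re: Q4 delivery schedule
In-Reply-To: <msg-001@supplier.example>

The new version is at https://portal.supplier.example/schedule/v2.

> The schedule is on our portal:
> https://portal.supplier.example/schedule
"""

if __name__ == "__main__":
    for name, raw in (("hijacked", SAMPLE_HIJACKED), ("benign", SAMPLE_BENIGN)):
        print(name, sorted(review_reply(raw)))
```

A flagged host is a reason to hold the message for review, not proof of compromise, since legitimate replies also introduce new links.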

An analysis of the attack

In addition to the internal IKEA employee message, BleepingComputer also claims that it has access to an example of one of the malicious emails, which was sent to IKEA employees.

Example email.
Source: BleepingComputer

BleepingComputer analyzed the URLs in the partially redacted email above and identified that victims of the attack are being tricked into downloading a compressed folder called “” containing a malicious Excel document.

The malicious Excel document.
Source: BleepingComputer

According to BleepingComputer’s analysis, if victims follow the instructions in the malicious Excel document and click on the “Enable Editing” and “Enable Content” buttons, malicious software is installed on their computers. However, the exact nature of the malware was not elaborated on.

IKEA has not yet released a statement regarding the alleged cyberattack.
