
Zombie phishing: The hidden horror lurking in your inbox

Nicci Smart

Security Analyst

Published: 24 February 2025

Zombie phishing is an email hijacking scam that can cause your organisation nightmares. Find out why it’s on the rise and what you can do to stay protected against this increasingly common threat.

In the Kocho security team, we’re always on the lookout for new trends and tactics that attackers use to exploit weaknesses in organisations.

Which is why we want to talk to you about zombie phishing.

Also known as conversation hijacking, it’s a particularly sneaky type of phishing that works its way into legitimate conversations and uses your own email threads against you.

And it’s a horror story that’s growing in popularity.


Conversation hijacking has risen by 70% since 2022.

Barracuda

How zombie phishing attacks work

Unlike regular phishing scams that send mass emails pretending to be from trusted sources, zombie phishing takes a more subtle route.

It starts with a compromised account, often breached via stolen credentials or malware.

From there, hackers:

  • Monitor real email conversations, scouting for the perfect moment to strike.
  • Inject their own messages into the thread, posing as a trusted contact.
  • Embed malicious links or attachments that spread malware, steal credentials, or trigger fraudulent transactions.

Since the email comes from a real person, within an active conversation, there are no obvious red flags.

No suspicious email address. No strange formatting. No awkward grammar.

It feels real.

And that’s why it works.

Common zombie phishing attack methods

Zombie phishing gives attackers multiple ways to break in. Knowing how these threats work can help businesses and employees stay ahead.


Stolen passwords from fake login pages

Hackers send links to convincing but fake login pages. If you enter your details, they grab your credentials and gain access to your emails. The links are often hidden behind URL shorteners like bit.ly, making them even harder to spot.


Malware from email attachments

Clicking an attachment in a hijacked conversation could install malware, giving hackers remote control over your device. Once they’re in, they can move through the network, gaining access to more accounts and systems.


Business email scams (BEC fraud)

Cybercriminals pose as executives or finance staff, tricking employees into transferring money. Because they use real email threads, these scams look incredibly convincing.


Stealing company data

Hackers quietly extract valuable data like contracts, customer records, or intellectual property, and sell it on the dark web or use it for corporate espionage.


QR code phishing

Cybercriminals exploit the trust in QR codes by embedding phishing links that lead to fake login pages, often bypassing MFA. Since security filters treat QR codes as images, they’re harder to detect.

How to protect against conversation hijacking

Since zombie phishing attacks don’t look suspicious on the surface, traditional security measures aren’t enough.

Therefore, we recommend a more layered defence and response strategy that combines technology, process, and employee awareness.

Such as:

1. Employee education and awareness

Train employees to spot warning signs like unexpected attachments, writing style changes, or urgent financial requests. Encourage verification via a separate channel and conduct regular phishing simulations to reinforce awareness.

2. Implement robust email security measures

Use AI-powered cloud email security to detect evolving threats. Apply DMARC policies to prevent spoofing and deploy endpoint protection to block malicious payloads.

3. Enforce strong authentication mechanisms

Require MFA for email and critical apps. Promote password managers for strong, unique credentials. Use conditional access to block logins from untrusted locations or devices.

4. Strengthen incident response and monitoring

Have a clear incident response plan for email compromises. Encourage employees to report suspicious emails. Monitor accounts for unusual logins and unauthorised activity.
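
As an added example (not Kocho's tooling and not part of the original article), several of the warning signs above can be checked automatically on replies that arrive inside an existing thread: shortened links, link hosts the thread has never used, new attachments, and urgent financial wording. The shortener list, keyword pattern, flag names and sample message are assumptions made for this example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

# Illustrative lists (assumptions); tune them to your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENT = re.compile(r"\b(urgent|immediately|bank details|wire transfer)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_of(url):
    try:
        return urlsplit(url).hostname
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None

def triage_reply(raw, thread_hosts):
    """Return warning-sign labels for a message that continues an existing thread."""
    msg = message_from_string(raw)
    if not (msg["In-Reply-To"] or msg["References"]):
        return []  # not a reply; this check only covers in-thread messages
    text, attachments = [], []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            text.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    # Ignore ">"-quoted history so only what this sender added is judged.
    new = "\n".join(l for t in text for l in t.splitlines()
                    if not l.lstrip().startswith(">"))
    hosts = {h for h in map(host_of, URL.findall(new)) if h}
    flags = []
    if hosts & SHORTENERS:
        flags.append("url-shortener")
    if hosts - set(thread_hosts):  # thread_hosts: link hosts seen earlier in the thread
        flags.append("new-link-host")
    if attachments:
        flags.append("attachment-added")
    if URGENT.search(new):
        flags.append("urgent-financial-language")
    return flags

def sample_reply():
    """Constructed sample, not real mail."""
    m = EmailMessage()
    m["In-Reply-To"] = "<msg-1@supplier.example>"
    m.set_content("Urgent: our bank details changed, see https://bit.ly/x\n"
                  "> Portal: https://portal.supplier.example/inv\n")
    m.add_attachment(b"dummy", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()
```

A flag is a prompt to verify through a separate channel, not a verdict: a reply sent from a compromised mailbox still passes sender authentication, so content and context are what remain to check.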

Final thoughts

Zombie phishing might sound like a term from The Walking Dead, but this is no work of fiction.

It’s a very real, very potent, and increasingly common cyber threat.

While organisations are getting better at spotting traditional phishing attempts (though there’s still plenty of work to do), attackers are finding new ways to slip through the cracks.

Using AI, they can mimic trusted contacts, hijack familiar communication channels, and deploy malicious payloads or steal sensitive data. All while staying under the radar.

Fighting back and staying protected requires the combined efforts of robust modern cloud email security, strong authentication policies, and continuous employee awareness training.

At Kocho, we help businesses stay ahead of emerging threats, combining AI-driven security solutions with expert-led protection.

If you want to ensure your organisation is zombie-proof, get in touch. We’re here to help.

Key takeaways

  • Zombie phishing hijacks real email conversations to spread malware and steal credentials.

  • Unlike traditional phishing, it exploits trusted contacts, making it harder to spot.

  • Attackers use stolen credentials, malware, and BEC scams to impersonate users.

  • A strong defence combines AI-driven email security, MFA, and DMARC policies.

  • Regular phishing simulations and security training help employees stay alert.

  • Proactive threat monitoring and rapid detection are crucial to minimising damage.


Author

Nicci Smart

Security Analyst

Nicci is a Security Analyst in Kocho’s Security Operations team. She has extensive experience in IT and cybersecurity with a skill set that includes Active Directory, Office 365, Windows Servers, Microsoft Exchange, and Machine Builds and Repairs. She also holds an SC-900 certification, recognition of expertise in security, compliance, and identity. 
