Be wary of Reply-Chain Phishing Attacks


Phishing. Phishing continues to be a prominent topic in cybersecurity articles. Unfortunately, it remains the most popular delivery method for cyberattacks.

Cybercriminals may attempt to steal login credentials from employees. You could also launch ransomware attacks for payment and install spyware to steal sensitive information. They could also be compromised through sending phishing emails with false information.

According to 80% of security professionals surveyed, phishing campaigns have significantly increased since the pandemic.

Phishing remains an issue, and its volume has grown due to the shift to remote teams. Many employees now work from home where they don't have as many network protections as when they worked at their desk in the office.

Why is phishing still so successful after all these years? Isn't it time that people began understanding what phishing really is?

People today are much more wary of phishing emails than they were even ten years ago. On the other hand, scammers continue to refine their techniques, making it harder for recipients to detect these emails.

One of the latest techniques can be tricky to spot: reply-chain phishing attacks.

What is a ReplyChain Phishing Attack and How Does It Operate?

Most people are familiar with email reply chains. One or more parties copy an email, someone responds and places their reply at the bottom. Another person joins in on the conversation and sends their own reply to that same email.

Soon you will have a series of emails with replies to a topic. Each reply should be listed under the previous one so everyone can follow along in the conversation.

It is not common to include a phishing message within an ongoing email conversation. People typically expect new messages, not part of an existing reply chain.

Due to this, reply-chain phishing attacks can be especially hazardous. They insert a convincing email phishing attack into an ongoing thread of an email response chain.

How Does a Hacker Gain Access to the Reply Chain

How can someone gain access to an email chain's reply chain conversation? By hacking into one of the email accounts belonging to those copied in it.

Hackers have the capacity to send emails from trusted addresses that other recipients trust and recognize, as well as read through replies in order to craft a reply tailored for the context.

They may notice that everyone is discussing the new product idea called Superbug. So they send back a reply saying, "I have some thoughts on the new Superbug product. Here's a link."

This link will take you to a malicious phishing website. It could infect your computer with malware or provide access to additional login credentials for cybercriminals.

Your email will look professional and courteous, because:

  • This email comes from a colleague's address, suggesting they are already part of the email conversation.

  • It may sound natural and serve as a helpful reference point during the discussion.

  • Personalization may also be employed. Hackers could potentially call other individuals by name from the replies chain they have seen.

Email Compromises in Businesses Are on the Rise

Business email compromise (BEC) has become so widespread that it even has its own acronym. Email breaches can be caused by weak passwords or unsecure credentials, while data breaches could potentially expose user logins in large databases - all contributing to BEC's growing popularity.

In 2021, 77% of organizations experienced business email compromise attacks - an increase of 65% from the prior year.

Data breaches are now often caused by credential theft. There is a good likelihood that one of your company email accounts may have been compromised at some point.

Hackers can leverage the BEC to make money through reply-chain phishing schemes. They may use it to install ransomware or other malicious software, as well as harvest sensitive data for sale on the Dark Web.

Tips to Combat Reply-Chain Phishing

Are you concerned that your company could be the next target of phishing attempts in reply chains? Here are ways you can reduce the chance of it happening.

  • Use a Business Password Manager: By doing this, employees are less likely to reuse passwords across multiple applications. Since they no longer need to remember them, employees can better protect themselves against using weak passwords.

  • Multi-Factor Controls for Email Accounts: Present a system question (or required code) This can be used to log in to email from an unusual IP address and protect against account compromise.

  • Help employees become aware: Being alert is the key to catching any email replies that seem slightly off. Unfortunately, attackers often make minor errors. Being aware can help ensure you do not miss anything important.

How secure are your email account protections?

Are you confident in providing enough security for all of your accounts? If not, don't worry! We offer email security solutions to keep you safer online.