What Are Reply-Chain Phishing Attacks?

What reply-chain phishing attacks are and how to secure your company against them

Phishing. You hate to see it. We hate to see it too, which is why we put advanced email security tools in place for all of our clients, but more on that later!

Here's something you need to know: email is still the primary attack surface for most cyber attacks, and phishing is the number one tool in a cybercriminal's tool belt.

Whether a cybercriminal wants to steal login credentials, launch a ransomware attack, or plant spyware to steal your company's sensitive information, sending a phishing email is that cybercriminal's typical starting point.

So how bad is it? Well, 80% of surveyed security experts agree that phishing campaigns have significantly increased post-pandemic.[1]

Phishing continues to be an all-too-successful method of attack, and is unfortunately increasing in volume. This is in part due to the move to a more remote workforce—because more employees are working from home, they don’t have the same security protections in place that they would typically have in the office. Fortunately Fluid MSP employs security tools that offer additional layers of protection regardless of where a user happens to be working from, but we'll come back to that in a bit.

So how is it that phishing continues to be so successful? Haven't people learned how to spot phishing emails?

While it's fortunately true that people these days are generally more aware of how to spot a phishing attempt, this has unfortunately led scammers and cybercriminals to keep honing and refining their tactics, making some well-crafted phishing emails harder and harder to spot.

The reply-chain phishing attack is one of these new tactics, and we want you to be aware of what it is and how to protect yourself and your company from it.

What is a Reply-Chain Phishing Attack?

We'll assume at this point everyone is familiar with an email reply-chain, but just in case you need a quick refresher: An email reply-chain occurs when an email is sent to one or more people, and then the recipients of that email continue to reply to the original email. With every reply, the original message content is typically embedded further and further down in the conversation.

Eventually, you have a chain of replies within one email subject or thread. Each older reply is listed underneath each newer reply, so everyone can see the entire conversation simply by scrolling down.

This is where the reply-chain phishing attack comes in. While your average person has become vigilant for more traditional phishing emails that come in the form of a brand new email, most people simply aren't expecting a phishing email tucked inside an ongoing email conversation.

The reply-chain phishing attack is such a threat because it inserts a convincing phishing email within an ongoing email reply chain.

How Do Attackers Get Access to Email Reply Chains?

How do hackers insert their email into a reply chain conversation? They hack the email account of one of the people in the email thread.

Once a hacker has infiltrated a user's email account, they can then send emails from an email address that their fellow team members already recognize and trust. Additionally, they're then able to read through the existing reply chain, allowing them to craft more realistic responses that can be very hard to detect.

For example, suppose they read in the email thread that everyone has been discussing a new product called "MightyMap." They could then craft a reply that says something along the lines of, “I’ve drafted up some ideas on our MightyMap rollout. Here’s a link to see them.”

That link may look normal, but will actually point to a malicious phishing website, which could then infect the visitor’s computer with malware, present a form to steal additional login credentials, or use any number of other tactics to compromise that user's and/or company's security.

The reply-chain phishing email is so convincing because:

  • It comes from the trusted email address of a colleague.
  • It can match the style and tone of the person it is impersonating.
  • It might reference previously discussed topics in the conversation.
  • It may be personalized to call out other employees by name.
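
A defensive check for the scenario above, added here as an example and not part of the original article: a reply sent from a compromised mailbox comes from the genuine account, so this Python code ignores the sender and instead flags replies that introduce a link to a host the thread has never referenced. The function names, the trusted-host list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def link_hosts(msg):
    """Hostnames of every http(s) link in the text parts of a message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        hosts |= {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    return hosts - {""}

def is_trusted(host, trusted):
    """True if host is a trusted domain or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in trusted)

def flag_new_link_replies(raw_messages, trusted_hosts=()):
    """raw_messages: RFC 5322 strings in delivery order.
    Returns [(Message-ID, [hosts first linked by that reply])]."""
    thread_of, seen, findings = {}, {}, []
    for raw in raw_messages:
        msg = message_from_string(raw)
        mid = (msg.get("Message-ID") or "").strip()
        parent = (msg.get("In-Reply-To") or "").strip()
        is_reply = parent in thread_of          # parent already seen in a thread
        root = thread_of[parent] if is_reply else mid
        thread_of[mid] = root
        known = seen.setdefault(root, set())    # hosts the thread has linked so far
        hosts = link_hosts(msg)
        new = sorted(h for h in hosts - known if not is_trusted(h, trusted_hosts))
        if is_reply and new:
            findings.append((mid, new))
        known |= hosts                          # quoted links will not re-trigger
    return findings

# Constructed sample thread (reserved example domains), based on the "MightyMap" scenario.
SAMPLE_THREAD = [
    "Message-ID: <m1@example.com>\nFrom: alice@example.com\nSubject: MightyMap rollout\n\n"
    "Plan is here: https://docs.example.com/mightymap-plan\n",
    "Message-ID: <m2@example.com>\nIn-Reply-To: <m1@example.com>\nFrom: bob@example.com\n"
    "Subject: Re: MightyMap rollout\n\nLooks good to me.\n",
    "Message-ID: <m3@example.com>\nIn-Reply-To: <m2@example.com>\nFrom: alice@example.com\n"
    "Subject: Re: MightyMap rollout\n\nI've drafted up some ideas on our MightyMap rollout. "
    "Here's a link to see them: https://mightymap-docs.example.net/ideas\n",
]
```

A legitimate reply that shares a new external link is flagged as well, so a finding is a prompt to verify with the sender through another channel, not proof of compromise.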

Business Email Compromise is On the Rise

Business email compromise (BEC) is now so common that it has its own acronym. Major contributors leading to the increase of BEC are weak and/or unsecured passwords, and security breaches that reveal databases full of user logins.

In 2021, 77% of businesses saw BEC attacks—a 65% increase from the year before.[2]

The main cause of security and data breaches globally? Credential theft.

Unfortunately, this means that there's a good chance that one of your company's email accounts has been compromised at some point.

Hackers can turn that BEC into money by using a reply-chain phishing attack to plant ransomware or other malware on an unsuspecting user's computer, and then harvest sensitive personal and/or company data to sell on the Dark Web.

Tips for Repelling Reply-Chain Phishing Attacks

So how can you prevent reply-chain phishing attacks from ruining more than just your day? Here are a few solutions to help prevent reply-chain phishing in your organization:

Use a Business-Grade Password Manager

This helps reduce the prevalence of employees reusing the same or similar passwords across multiple websites, helps enforce strong passwords, and simplifies the login process, increasing productivity.

Enforce Multi-Factor Authentication on All Email Accounts

Multi-Factor Authentication (MFA, also sometimes referred to as Two-Factor Authentication, or 2FA) is now a standard security practice for all modern organizations, and can greatly help reduce the risk that compromised usernames and passwords pose.

Teach Employees How to Spot Phishing Emails

Even basic training of employees on how to identify suspicious emails and what to do if they're unsure can greatly increase the chances that they don't fall for a reply-chain phishing attack.

We're Here to Help

While today's threat landscape is becoming increasingly complex, and it might seem like an uphill battle to try to secure yourself, your employees, and your company's data, it doesn't have to be! At Fluid MSP, we implement today's most effective tools to keep your company safe, including a built-in business-grade password manager, industry-leading multi-factor authentication, single sign-on (SSO), and automated end-user training—all at no extra charge.

So do you have enough protection in place on your business email accounts to prevent a breach? Book a meeting today if you’d like some help! We have email security solutions that can keep you protected.

Notes