Email-based phishing attacks are one of the biggest threats that companies face. Just one wrong link clicked by a fooled employee can lead to a devastating ransomware infection or account takeover.
It can take small businesses months or years to recover from a successful cyberattack that happens in just seconds. Cybercriminals continually come up with new ways to trick people into opening malicious file attachments or clicking links to phishing sites.
And despite everything about phishing attacks that is imparted to staff during security awareness training, attacks and victims keep rising.
Between 2020 and 2021, the percentage of organizations that fell victim to at least one successful email-based phishing attack jumped from 57% to 83%.
One of the newest attack ploys used by cybercriminals is the reply-chain attack.
Reply-Chain Phishing Attack Explained
We’ve all been in those email chains where everyone on the chain is copied on each reply. This is commonly used to track conversations about a particular topic within an organization.
If you reply to the same email message, then it stays cataloged within the “conversation” by the email program and can be easier to find among other non-related emails.
The reply-chain phishing attack is when attackers hijack that conversation. They pose as one of the people being copied on the conversation chain and slide in a link or malicious attachment.
How do they gain access to the email reply chain?
They do this in one of two ways:
- They breach the email account of one of the participants in the chain and are able to send an email posing as them from their account.
- After breaching the email account, they set up a forward from that address to an address they control, as a safeguard in case the account password is changed. They receive a copy of the conversation and spoof a recognized email address to reply.
The most convincing reply-chain method is to breach a person’s email account and reply as them from their email address.
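Because the forwarding rule described above is what lets the attacker keep reading the thread after the password changes, auditing mailbox rules for external forwarding is a practical check. The following is an added example, not code from the original post: it runs over a constructed export of mailbox rules (the record fields, sample addresses and the internal-domain list are assumptions) and flags every rule that sends copies of mail outside the organization's own domains.

```python
import re

# Constructed sample export of mailbox rules. The field names are assumptions
# for this example, not any mail platform's real schema.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": "Archive copies", "targets": ["archive@example.com"], "enabled": True},
    {"mailbox": "bob@example.com", "name": "Backup", "targets": ['"Bob" <b0b.backup@mail-example.net>'], "enabled": True},
    {"mailbox": "carol@example.com", "name": "Team inbox", "targets": ["team@sub.example.com"], "enabled": True},
    {"mailbox": "dave@example.com", "name": "Old forward", "targets": ["dave@example.org"], "enabled": False},
]
INTERNAL_DOMAINS = {"example.com"}  # assumed list of the organization's own domains

# Matches either "Display Name <user@host>" or a bare user@host.
ADDR_RE = re.compile(r'<([^>]+)>|([^\s<>",]+@[^\s<>",]+)')


def extract_address(target: str) -> str:
    """Return the bare, lower-cased address from a rule target, or '' if none is found."""
    m = ADDR_RE.search(target)
    if not m:
        return ""
    return (m.group(1) or m.group(2)).strip().lower()


def is_internal(addr: str, internal_domains) -> bool:
    """True if the address's domain is an internal domain or a subdomain of one.

    The check is on domain boundaries, so 'notexample.com' is not treated as internal.
    """
    domain = addr.rsplit("@", 1)[-1]
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def find_external_forwards(rules, internal_domains):
    """Flag every rule target that forwards mail outside the organization.

    Disabled rules are reported as well, with their 'enabled' state, because a
    forward that was switched off rather than deleted still deserves a look.
    """
    findings = []
    for rule in rules:
        for target in rule.get("targets", []):
            addr = extract_address(target)
            if addr and not is_internal(addr, internal_domains):
                findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                                 "forward_to": addr, "enabled": bool(rule.get("enabled", True))})
    return findings


if __name__ == "__main__":
    for f in find_external_forwards(SAMPLE_RULES, INTERNAL_DOMAINS):
        state = "ENABLED" if f["enabled"] else "disabled"
        print(f'{f["mailbox"]}: rule "{f["rule"]}" forwards to {f["forward_to"]} ({state})')
```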
Why Reply-Chain Attacks Are So Dangerous
It Comes from a Colleague’s Email Address
In most cases, the reply-chain attack comes from a colleague’s email address. This is an email address that the recipients know and trust. They may even email back and forth with this coworker several times per week, so they’re not suspecting phishing.
The Attacker Can Read the Conversation Trail
The benefit to an attacker of being able to read the conversation trail in the reply chain is that they can pose as the person more convincingly.
For example, if they see that everyone has been weighing in on a new marketing brochure design, and the person whose account they’ve breached was the last to send back notes, they can say something that fits the conversation, such as “I had a few more thoughts on this design. I’ve added them to this Word document,” and provide a link to a phishing site.
Because the email fits the conversation, recipients are less likely to be wary of clicking the shared link.
Employees Are Not Expecting It
Employees are typically expecting phishing to come in as one-off messages, not in the middle of an ongoing email conversation inside the organization. So, their “phishing radar” isn’t generally activated when replying to ongoing email chains.
People read and reply to these types of emails daily, and they aren’t going to contact the sender every time to confirm that the email really came from them.
Email Compromise is More Common Than You May Think
According to Proofpoint’s State of the Phish report, in 2021, 77% of surveyed organizations suffered business email compromise attacks. Credential theft also rose to become the number one cause of data breaches last year.
This makes reply-chain phishing more likely to happen as hackers realize it’s an easy way to strike while defenses are down.
How Can You Protect Against Reply-Chain Phishing?
There are a few different things you can do to improve business cybersecurity and protect against reply-chain phishing attacks.
Use Multi-Factor Authentication on Email Where Possible
Multi-factor authentication is one of the strongest protections against compromised accounts. Check to see if you can put this in place on your business email accounts.
Make Employees Aware of Reply-Chain Phishing
Awareness is key to noticing when a reply sounds a little “off,” so train employees on the risk of reply-chain phishing. If they know to be on guard, they can more easily detect a phishing reply.
Use Internal Messaging Apps More
Many companies are switching to applications like Microsoft Teams and Slack for much of their internal communications. They do this because it’s faster than email and often easier to track. But it can also be more secure.
By using a messaging app for the bulk of internal communications, you avoid email reply chains that hackers can hijack.
Schedule an Email Security Checkup Today
How secure are your business email accounts? Connect2Geek can do an email security checkup for your Treasure Valley area business and recommend commonsense solutions to better secure your accounts.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.