Avoid Reply Chain Phishing Attacks
Phishing. Every remotely helpful article on cybersecurity these days mentions phishing. We keep harping on it because phishing remains the number one delivery vehicle for cyberattacks.
A cybercriminal might want to steal employee login credentials. Hackers could wish to launch a ransomware attack for a payout. Scammers plot to plant spyware to steal sensitive info. Sending a phishing email can accomplish any one or all of these goals.
80% of surveyed security professionals agree that phishing campaigns significantly increased in both size and quantity post-pandemic.
Phishing not only consistently works, but phishing campaigns are also increasing in volume due to the uptick in remote teams. Many employees now work from home full time. Unless they’re IT professionals, they usually don’t have the same network protections they had when working at the office.
Why does phishing keep working? Aren’t people finally learning what phishing looks like?
While people are generally more aware of phishing emails and how to spot them than a decade ago, these emails are become harder to spot as scammers evolve their tactics on an ongoing basis.
One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.
What is a Reply-Chain Phishing Attack?
Nearly everyone is familiar with reply chains in email. One email is sent to two or more people, one member of the conversation replies, and that reply sits at the bottom of the new message. Then another person chimes in on the conversation, replying to the same email, and that reply is now at the bottom. When you open it, you see an entire chain of messages back and forth.
Soon, you have a chain of email replies on a particular topic. It lists each reply one under the other so everyone can follow the conversation. It’s useful for collaboration without hard time limits.
Nobody expects a phishing email tucked inside that ongoing email conversation. Nobody expects the Spanish Inquisition, either. Pop culture jokes aside, most people expect phishing to come in as a new message from an unknown source, not a message included in an ongoing reply chain.
The reply-chain phishing attack is particularly insidious because it does precisely that. This attack inserts a convincing phishing email within the ongoing thread of an email reply chain.
How Does a Hacker Gain Access to the Reply Chain?
How does a hacker gain access to the reply chain conversation? By hacking into and getting copied on the email account of one of the participants copied on the email chain.
The hacker then emails the phishing link from an email address that the other team members recognize and trust. The cybercriminal also gains the benefit of reading the entire chain of replies. Reading through everything enables them to write a nesting message that looks appropriate.
For instance, let’s say that everyone has been collaborating on an idea for a product called Keelix. So, acting like the person they hacked, they write a reply saying, “I’ve drafted up some thoughts on the Keelix project, here’s a link to the document.”
The link might look legit, but it points to a malicious phishing site. A phishing site could infect a visitor’s system with malware or show a login form a form to steal more login credentials.
The reply won’t appear like a phishing email at all. It convinces because:
⦁ The message originates from an email address of a colleague. This address has already been participating in the email conversation.
⦁ Conversation will sound natural and reference items in the discussion.
⦁ The hacker can personalize. The email can call others by the names the hacker has seen in the reply chain.
Business Email Compromise is Increasing
Business email compromise (BEC) occurances are so common that the practice now has its own acronym. Weak or improperly stored passwords lead to email breaches. Data breaches that reveal databases full of user logins also present serious issues. Both types of attack contribute to how common BEC is becoming.
In the year 2021, 77% of organizations saw business email compromise attacks. The year before the statistic was sitting at 65%.
Credential theft causes the largest of data breaches globally. So, there is a pretty good chance of a compromise of one of your company’s email accounts at some point.
The reply-chain phishing attack is one of the ways that hackers turn that BEC into money. They either use it to plant ransomware or other malware or to steal sensitive data to sell on the Dark Web.
Tips for Addressing Reply-Chain Phishing
Here are a few of the ways to lessen the risk of reply-chain phishing hitting your organization:
⦁ Utilize a Business Password Manager: This reduces the risk that employees will reuse passwords across many apps. It also keeps them from using weak passwords since they won’t need to remember them anymore.
⦁ Use Multi-Factor Controls on Email Account Logins:
⦁ Get the IT department to create a system challenge (question or required code). Insisting on the challenge for email logins from a strange IP address can stop account compromise.
⦁ Remind Employees to be Aware: Awareness is a huge part of catching anything that might be slightly “off” in an email reply. Attackers often make mistakes.
Why Is This Published By A Business Phone Company?
Here at NoContractVoIP, we believe that your success is our success. To get the latest helpful content delivered to your inbox every month, subscribe to our newsletter here.
Looking for the finest stress-free custom business telephone systems? Contact us or call today at 866-550-0005!