What are Email Reply-Chain Phishing Attacks?
Email Reply-chain phishing is a hidden tactic used by relentless cybercriminals. But why is this type of attack being used and how can it catch you out?
What is an Email Reply-Chain Phishing Attack?
A reply-chain email is exactly what it sounds like – a chain of replies to an email. When an email is sent to one or more people, each reply to that email sits under the previous reply creating a chain that all recipients can view.
You wouldn’t expect a phishing email to be hidden away inside an ongoing email conversation. Most people expect phishing to come in as a new message.
And this is exactly why Email Reply-Chain Phishing is effective. It inserts a convincing phishing email inside of an ongoing email thread.
How do Hackers get into the email-chain?
You’re probably wondering how hackers manage to get into an already created email-chain? They manage to do this by hacking the email account of one of the users within the conversation.
The hacker can then email from an email address the other recipients recognise and trust, making it even more believable.
What is the goal of Reply-Chain Phishing?
Once the hacker is able to reply within the email chain, their objective is to get the other recipients to click a link. This link will lead to a malicious phishing site which may infect the visitors’ systems with malware, or attempt to steal some form of payment details.
Why is Reply-Chain Phishing effective?
The hacker’s reply won’t seem like a phishing email at all. It’ll be very convincing for multiple reasons:
– It appears to come from a colleague’s email address, so other recipients are more likely to trust it. That colleague might even have responded earlier in the chain, making the phishing email seem even more legitimate.
– It might sound natural and reference items in the discussion.
– May use personalisation. The hacker can see everything in the chain, so they can personalise the emails by using another recipient’s name.
How to protect your business from Reply-Chain Phishing
Here’s what you can do to address the rise in reply-chain phishing attacks:
– Use a password manager. This reduces the risk that employees reuse passwords across multiple apps. It also encourages much stronger passwords, making it more difficult for hackers to get access.
– Use Multi-factor Authentication. We talk about the importance of MFA a lot for a reason. It’s the best way to keep your accounts secure. You can learn more about why you should have MFA enabled here.
-Provide employees with Cyber Security Training. Awareness is a huge part of catching anything that might be suspicious, especially when it comes to reply-chain phishing. You can learn more about Cyber Security training here.
Worried about your business getting hacked?
Identify ways to improve your Cyber Security with our short 12-question quiz.
How Can Reformed IT Support Your Business
There are many reasons that IT support with Reformed IT is a great choice for your business or organisation. If you choose Reformed IT for your IT support, you’ll receive all these benefits including help from members of our experienced team when needed.
Unlimited IT Support
We provide fully inclusive, onsite and remote IT support. In addition to that, it won’t cost you extra for an engineer to attend your site to resolve a technical issue.
Device Status Monitoring
When we take on your IT support, we deploy our monitoring agent onto all devices and servers. This alerts us to any issues which you may be unaware of.
Data Breach Monitoring
There are over 8 billion breached passwords and personal information available on the dark web. There’s a possibility that some of this data relates to your employees. We’ll monitor dark web activity and provide reports of breached passwords.
Cyber Essentials Certification
We ensure every one of our clients achieve their Cyber Essentials certification at no additional cost. We also help them towards Cyber Essentials Plus ensuring that everything is ready for assessment.
Office 365 Monitoring
We monitor your Microsoft 365 tenancy with our 24/7 security operations centre. If there is strange activity we’ll find it immediately and alert you or resolve the issue straight away. Keeping your business secure.
Everyone wants to avoid computer viruses. We include anti-virus software as part of our IT support package to keep your devices safe and to save time when it comes to viruses.
Over 90% of cyber attacks start with a phishing email. It’s crucial that your business has the best defence against cyber criminals and scams when regarding your mailbox.
Backups for Office 365
We will ensure that all of your emails and files are backed up, at no extra cost. We recognise the importance of backups and disaster recovery so we feel it shouldn’t be an added extra.
Managed Email Signatures
With our included Exclaimer signatures for Office 365 service, you can get more out of your email signatures instead of a simple message with no images.
Cyber Security Training
To keep you even safer from hackers, we provide globally recognised and market leading Cyber security training by KnowBe4. This online training portal will provide your teams with guidance and information to reduce the risk of hackers and scams.
Asset and Warranty Tracking & Reporting
We provide you with a list of your current assets in the business by using our powerful remote management tools. This creates a monthly asset report so you can keep track of your hardware life cycles.
Reformed IT Academy
We’ll provide your business with the best IT training and learning sources. With the Reformed IT Academy, you’ll be able to watch and complete over 700 courses to help grow your knowledge and skills.
Password managers make storing and creating passwords much easier and safer. Keeper password manager also auto-fills passwords making the sign in proccess much quicker.
We have over 30 years of combined IT support experience. We like to use analogies and stories to explain technical terms instead of baffling you with science.