reply chain email attacks

What are reply chain email attacks?

Remember those chain letters you used to receive that promised untold wealth if you sent the required copies, and untold terror if you didn’t? Well, other than being similarly aggravating, reply-chain email attacks aren’t at all like that!

A reply-chain email attack is a form of cyberattack that involves a phishing email tucked inside an ongoing email conversation (your ‘reply chain’). While typical phishing attacks attempt to parody a sender with a forged address, this more sophisticated attack hijacks a legitimate email correspondence chain and inserts a phishing email into the existing email conversation.

How do email reply chain cyber attacks work?

This technique, also known as ‘reply-chain phishing’ or ‘thread hijack spamming’, begins with hackers (using various methods) gaining access to one or more email accounts within an organisation. Once they’re ‘in’, cybercriminals can begin monitoring conversation threads for opportunities to infiltrate ongoing chains of conversation with ransomware/malware or links to a form to steal more login credentials.

Why are reply chain attacks so dangerous?

This sophisticated form of cyberattack works particularly well because:

  • The attacker can read a conversation trail and more convincingly pose as a member of the email chain, referencing items in the discussion and calling others by name.
  • The reply in the thread comes from a colleague’s email address – likely a co-worker that the email recipients know and trust, and who has previously been participating in the email conversation. 
  • Employees are not expecting malicious activity embedded in the middle of an ongoing discussion; their normal ‘phishing radar’ is not necessarily operative.  

How can you protect against reply chain phishing?

Best practice?

Firstly, ensure there is no re-use of passwords within your business. All accounts should have unique (strong!) passwords and should ideally be backed by multi-factor authentication

Secondly, and perhaps even more importantly, your employees need to be brought up to cyber-secure speed with regular, ongoing awareness training. Your staff should be trained to treat any email – even those within ongoing chains – with caution, particularly if they’re furnished with links or attachments. Your security training can also include the mandated use of other internal communication platforms – such as Slack or Microsoft Teams – to check the legitimacy of any emails that seem suspect.

How strong are your email account protections?

Remember, it can take businesses months or even years to recover from a successful cyberattack. You do not want your business to become a phishing statistic! If you’re not 100% certain that you have enough protection in place on your business email accounts to prevent a breach, please give us a call! Geelong Technology Group can provide email cybersecurity solutions that can keep you – and your sensitive business data – better protected.

Give us a call to find out more on 1300 GET GTG (1300 438 484) or stop by our showroom at 166 Francis St, Belmont.