You Need to Watch Out for Reply-Chain Phishing Attacks

WELCOME TO SOLUTIONS SQUAD!

We understand that your focus is to drive business growth and stay ahead of the competition. That’s why our Expertly Managed IT services are curated to streamline your operations, help secure your business, and ensure your technology scales with your ambition. We bring a proactive approach to IT management, offering tailored solutions that keep you connected and protected. With services ranging from real-time monitoring to cutting-edge cybersecurity and disaster recovery planning, we’re here to empower your strategic decisions with our Virtual CIO and co-managed IT support. We stand by a security-first ethos, reinforced by our dedicated helpdesk, ensuring clear assistance in plain English, anytime you need it. We are your partner in building a resilient, efficient, and innovative IT infrastructure, freeing you to focus on what you do best: running your business.

Empower Your Business with Expert IT Support

Unlock efficiency and secure your digital assets with our Expertly Managed IT services—where peace of mind meets innovation.

Book Your Quick Chat Now

Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.

A cybercriminal may want to steal employee login credentials. Or wish to launch a ransomware attack for a payout. Or possibly plant spyware to steal sensitive info. Sending a phishing email can do them all

80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.

Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams. Many employees are now working from home. They don’t have the same network protections they had when working at the office.

Why has phishing continued to work so well after all these years? Aren’t people finally learning what phishing looks like?

It’s true that people are generally more aware of phishing emails and how to spot them than a decade ago. But it’s also true that these emails are becoming harder to spot as scammers evolve their tactics.

One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.

What is a Reply-Chain Phishing Attack?

Just about everyone is familiar with reply chains in email. An email is copied to one or more people, one replies, and that reply sits at the bottom of the new message. Then another person chimes in on the conversation, replying to the same email.

Soon, you have a chain of email replies on a particular topic. It lists each reply one under the other so everyone can follow the conversation.

You don’t expect a phishing email tucked inside that ongoing email conversation. Most people are expecting phishing to come in as a new message, not a message included in an ongoing reply chain.

The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain.

How Does a Hacker Gain Access to the Reply Chain?

How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain.

The hacker can email from an email address that the other recipients recognize and trust. They also gain the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.

For example, they may see that everyone has been weighing in on a new product idea for a product called Superbug. So, they send a reply that says, “I’ve drafted up some thoughts on the new Superbug product, here’s a link to see them.”

The link will go to a malicious phishing site. The site might infect a visitor’s system with malware or present a form to steal more login credentials.

The reply won’t seem like a phishing email at all. It will be convincing because:

It comes from an email address of a colleague. This address has already been participating in the email conversation.
It may sound natural and reference items in the discussion.
It may use personalization. The email can call others by the names the hacker has seen in the reply chain.

Business Email Compromise is Increasing

Business email compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins. Both are contributors to how common BEC is becoming.

In 2021, 77% of organizations saw business email compromise attacks. This is up from 65% the year before.

Credential theft has become the main cause of data breaches globally. So, there is a pretty good chance of a compromise of one of your company’s email accounts at some point.

The reply-chain phishing attack is one of the ways that hackers turn that BEC into money. They either use it to plant ransomware or other malware or to steal sensitive data to sell on the Dark Web.

Tips for Addressing Reply-Chain Phishing

Here are some ways that you can lessen the risk of reply-chain phishing in your organization:

Use a Business Password Manager:

This reduces the risk that employees will reuse passwords across many apps. It also keeps them from using weak passwords since they won’t need to remember them anymore.

Put Multi-Factor Controls on Email Accounts:

Present a system challenge (question or required code). Using this for email logins from a strange IP address can stop account compromise.

Teach Employees to be Aware:

Awareness is a big part of catching anything that might be slightly “off” in an email reply. Many attackers do make mistakes.

How Strong Are Your Email Account Protections?

Do you have enough protection in place on your business email accounts to prevent a breach? Let us know if you’d like some help! We have email security solutions that can keep you better protected.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

SolutionsSquad

Don’t miss out on all the benefits – subscribe now and take your business to the next level!

Get exclusive access to expert insights and tips for leveraging technology to grow your business.
Stay up to date on the latest tech trends and advancements that can help you stay ahead of the competition.
Join a network of business leaders who are committed to using technology to drive success and innovation.
Receive personalized support and guidance from our team of IT experts.
Enjoy a more streamlined and secure digital experience with our insider tips and tricks.

Network Security: Your Digital Shield in Coral Gables

Hey there, Coral Gables business owners! In today’s digital landscape, the security of your network is more crucial than ever. Let’s dive into the importance of network security and how a Managed IT Services provider like Solutions Squad can be…

closeup photo of turned-on blue and white laptop computer

What Is Microsoft Security Copilot? Should You Use It?

It can be challenging to keep up with the ever-evolving cyber threat landscape. Companies need to process large amounts of data. As well as respond to incidents quickly and effectively. Managing an organization’s security posture is complex.That’s where Microsoft Security…

Free cloud computing connection cloud vector

Smart Tactics to Reduce Cloud Waste at Your Business

Cloud computing has revolutionized the way businesses operate. It offers scalability, flexibility, and cost-efficiency. But cloud services also come with a downside: cloud waste.Cloud waste is the unnecessary spending of resources and money on cloud services. These services are often…

Unlocking the Power of Managed IT Services in North Lauderdale

Hey there, business owners of North Lauderdale! Have you ever found yourself wondering if there’s a better way to handle your company’s IT needs? Well, you’re in luck because today, we’re diving into the world of Managed IT Services and…

Free secure computer protect computer vector

Eye-opening Insights from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

We are living in an era dominated by digital connectivity. You can’t overstate the importance of cybersecurity. As technology advances, so do the threats that lurk in the online world.Often, it’s our own actions that leave us most at risk…

Boost Your Hallandale Beach Small Business with Expert Tech Support Services

Boost Your Hallandale Beach Small Business with Expert Tech Support Services Hello, Hallandale Beach entrepreneurs! Are you tired of tech troubles slowing down your small business? You’re not alone. In today’s digital world, having reliable tech support is essential. That’s…