You cannot read an article on cybersecurity nowadays without coming across the term Phishing.  Why?  Because of all the threats out there, phishing still remains the #1 delivery method for cyber attacks.

Phishing can do it all.  If a cybercriminal wants to steal login credentials – time to go Phishing.  If they want to launch a ransomware attack for a big payday – time to go Phishing.  If they want to steal sensitive data – it’s Phishing time.

The unfortunate reality is that it has gotten even worse following the pandemic. 

80% of surveyed security professionals stated that phishing attempts have significantly increased post-pandemic.

Simply put, Phishing works for cybercriminals, and with the growth of the remote workforce, attackers have amplified their efforts.  Working from home often means less network protection than at the office, creating more vulnerabilities.

You would think that after all these years, people would finally learn what a phishing attempt looks like and come out the victor.  But, it’s not always that simple.

Yes, there is a more general awareness of what Phishing is, yet at the same time scammers are becoming more sophisticated with their tactics, often making it extremely hard to spot them.

Consider one of the newest tactics – the reply-chain phishing attack.  This one can certainly fly under the radar and avoid detection.

What is a Reply-Chain Phishing Attack?

You are probably familiar with reply chains in your emails, even if you are unaware of it.  An email is sent to multiple recipients.  Someone replies, and now that reply sits at the bottom of the message.  Another person chimes in on the conversation, and now their reply sits at the bottom of the email.

Before long, you have a chain of replies for that particular conversation, making it easy for everyone to follow the conversation.

Here is the kicker – most people do not expect a phishing attack to be hidden inside an ongoing email conversation.  No, you expect a phishing attack to come in as a new message.

This is why the reply-chain phishing attack is so insidious. It injects a convincing phishing email into the reply chain of an ongoing conversation between trusted participants.

How Does a Hacker Gain Access to the Reply Chain?

Now you may ask, how does a hacker gain access to an ongoing email conversation?  Simple.  They hack the email account of one of the people involved in the email chain.

Now the hacker is emailing from an email address that you recognize and trust.  This also lets them read through the entire email conversation and craft an extremely compelling message that fits perfectly into it.

Perhaps you are having a conversation about a new phone system you would like to implement in your practice.  So the hacker sends a reply that says, “I wrote up a few thoughts on the pros and cons of the new phone system, here’s a link to see it.”

We all know where that link is going to send you.  Right to a malicious site designed to steal your info and infect your systems.

Convincing, isn’t it?  Here’s why:

  • It comes from an email address of a colleague that has already been participating in the conversation.
  • It sounds natural and references relevant items that are already part of the conversation.
  • It can use personalization – calling others out by name.
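As an added illustration of the defensive side (example code written for this page, not part of the original post), here is a small Python check that scans a reply chain for the tell-tale pattern just described: a later reply that introduces a link to a domain no earlier message in the conversation ever used. The thread, addresses and domains are constructed sample data, and the trusted-domain set is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample reply chain (oldest first). Not real messages; a
# production check would parse RFC 5322 headers rather than dicts.
THREAD = [
    {"from": "dana@practice.example",
     "body": "Thoughts on the new phone system? Vendor page: https://vendor.example/pbx"},
    {"from": "lee@practice.example",
     "body": "Looks good. Pricing is at https://vendor.example/pricing"},
    {"from": "dana@practice.example",
     "body": "Agreed, let's review it next week."},
    # The reply that fits the conversation but points somewhere new.
    {"from": "lee@practice.example",
     "body": "I wrote up a few thoughts on the pros and cons of the new phone "
             "system, here's a link to see it: https://docs-share.example.net/view?id=123"},
]

# Domains the organisation already trusts (assumed for this example).
TRUSTED_DOMAINS = {"practice.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def link_domains(body: str) -> set:
    """Lower-cased host names of every URL found in a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def flag_new_link_domains(thread) -> list:
    """(message_index, domain) for each reply linking to a domain that neither
    the trusted set nor any earlier message in the chain used. The opening
    message sets the baseline; an injected reply that fits the conversation
    still has to point somewhere the conversation never pointed before."""
    seen = set(TRUSTED_DOMAINS)
    findings = []
    for index, message in enumerate(thread):
        for domain in link_domains(message["body"]):
            if index > 0 and domain not in seen:
                findings.append((index, domain))
            seen.add(domain)
    return findings

if __name__ == "__main__":
    for index, domain in flag_new_link_domains(THREAD):
        print(f"reply #{index} from {THREAD[index]['from']} links to new domain {domain}")
```

A flagged reply is a prompt to verify out of band (a phone call to the colleague), not proof of compromise; legitimate threads introduce new links too, so this is a triage signal to combine with authentication headers and login anomalies.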

Business Email Compromise is Increasing

Business email compromise (BEC) has become so common that it even has its own acronym.  Insecure, weak passwords often lead to email breaches.  So do data breaches that expose databases full of user credentials.

In 2021, 77% of organizations saw business email compromise attacks, a 65% increase from 2020.

When it comes to data breaches across the globe, credential theft is the leading cause.  At some point, your business emails will suffer the same type of compromise. 

The reply-chain phishing attack is just one way that hackers turn a BEC into money.

Tips for Addressing Reply-Chain Phishing

Nobody wants their practice to fall victim to a reply-chain phishing attack.  Reduce the risk by implementing the following:

  • Password Manager:

Eliminate the chance that employees are reusing passwords across multiple accounts.  Keep them from using weak passwords – instead enforce strong, unique passwords (with a password manager, nobody needs to remember them!).

  • Multi-Factor Authentication:

Stop account compromise by implementing multi-factor authentication on your email accounts. 

  • Teach Employees to be Aware:

Humans are the weakest link in the cybersecurity chain.  Train your employees.  Awareness is going to play one of the biggest parts in recognizing and preventing a phishing attack. 

Are your email accounts protected?

Have you implemented sufficient protection measures to keep your business emails safe? Let us know if you’d like some help assessing your current situation!