What Is Reply-Chain Phishing?
Phishing has been one of the leading causes of cyberattacks for years. It is used to launch everything from ransomware to credential theft. Scammers disguise an email to make it look legitimate and lure recipients into opening dangerous file attachments or clicking links to malicious websites.
Even though phishing isn’t new, and companies regularly train employees on phishing and cybersecurity awareness, they continue to suffer from breaches that originate in this way. And things have been getting worse.
In 2020, 57% of surveyed organizations reported at least one successful email-based phishing attack. In 2021, that figure jumped to 83%.
One of the reasons for the increase in successful attacks is that phishing scammers keep upgrading their tactics. As people become savvy to one type of ploy, they begin using another.
One of the phishing trends that fools many people is reply-chain phishing.
Criminals Are Tricking People with Reply-Chain Attacks
In standard phishing, the recipient receives an email from a scammer. It could be disguised as being from a bank, potential customer, or even a work colleague. These emails can also be personalized. But they come as a single email and often from an unknown sender.
In a reply-chain phishing attack, hackers get a little more deceptive and insert their phishing email into an existing email conversation, also known as an email thread.
Most email programs give you the option to see the replies in an email conversation below the new reply. So, if you and your colleagues are weighing in on a new marketing brochure, you might see everyone’s input in the email body, from newest to oldest.
These types of email reply chains are something we see and contribute to every day. They’re familiar, and that familiarity is what hackers take advantage of.
In a reply-chain attack, a hacker takes over this email reply chain and inserts a phishing email that contains a malicious link or attachment. Because the email looks to be coming from a colleague and is part of an ongoing conversation, no one generally suspects that it is a scam.
Because of that trust factor, this type of attack can be very effective, tricking even people who consider themselves good at spotting phishing.
How Do Reply-Chain Phishing Attacks Happen?
You may be wondering, “How does a hacker gain access to an email reply chain?” The answer is through an account takeover.
The criminal somehow gains access to the email account of one of the people in the email thread. This can occur in a number of ways:
Hacker guesses or cracks a weak password
Hacker buys passwords stolen in an earlier data breach on the Dark Web and tries them against the victim's email account, which works whenever the password was reused
Hacker uses phishing to get a person to type their password into a fake login form
Hacker gains access to a person's computer (for example, with info-stealing malware) and harvests saved passwords or active session cookies from that device
Once the criminal has access to the account, they look for opportunities, monitoring the inbox for active reply chains.
As soon as they see correspondence that includes an email thread, they can easily look down the conversation, and tailor their phishing email accordingly. This makes it even more convincing.
For example, if they see that a draft document has been going around with edits for a new sales contract, they can embed malware in a Word document (typically a macro-enabled file), attach it, and simply say in the email, "Hey everyone, here are my latest edits to the sales contract we've been working on."
The combination of the email coming from an address the other recipients know and trust, and content that jibes with the conversation that has been going on, makes this a very potent attack.
Check Your Auto-Forward Rules!
What if you realize your email has been breached and you change your password? You’re safe then, right? You might not be.
Clever criminals set up an auto-forward as soon as they breach an email account, knowing their time may be limited before they are found out. Some do nothing else: they create the forward, leave no other trace, and hope the victim never notices that a copy of every message is leaving the mailbox.
Once the hacker has someone's email auto-forwarded to their own address, they can watch for these email threads and then spoof one of the participants' addresses when sending a reply to the chain. A domain that enforces SPF, DKIM and DMARC will reject an exact forgery of its own addresses, so in practice the reply often comes from a lookalike domain, uses a display name that matches the colleague, or carries a Reply-To header that routes answers back to the attacker.
They don’t always have to be emailing from a breached account’s address to make everyone else think they are.
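The tailored reply described above and the spoofed-participant variant both leave traces in the message headers that a mail client hides. The script below is an added example, not code from the original article, showing the checks an analyst runs on a "reply" that looks off: whether the From: domain actually authenticated (SPF/DKIM/DMARC verdicts from the Authentication-Results header), whether Reply-To diverts answers elsewhere, whether any domain involved is a lookalike of the organization's own, and whether the attachment is macro-capable. The domain example-corp.com, the lookalike example-c0rp.com, the names, and both messages are constructed for the example.

```python
"""Triage a 'reply' in a familiar thread from its raw headers (added example,
not from the original article; all domains, names and messages are constructed)."""
from email import message_from_string, policy
import re

TRUSTED_DOMAINS = {"example-corp.com"}                          # constructed: our own domain(s)
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".doc", ".xls")  # legacy .doc/.xls carry macros too
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit-for-letter swaps

# Constructed phish: From: shows the real colleague, but the message failed SPF/DMARC,
# Reply-To diverts answers to a lookalike domain, and the "edits" are a macro-enabled .docm.
PHISH_EML = """\
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=example-c0rp.com; dkim=none; dmarc=fail
From: Jane Doe <jane.doe@example-corp.com>
Reply-To: Jane Doe <jane.doe@example-c0rp.com>
Subject: RE: Sales contract draft
In-Reply-To: <thread-123@example-corp.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hey everyone, here are my latest edits to the sales contract we've been working on.
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12
Content-Disposition: attachment; filename="Sales_Contract_v3.docm"

(binary omitted)
--b1--
"""

# Constructed legitimate reply in the same thread, for comparison.
LEGIT_EML = """\
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; dmarc=pass
From: Bob Smith <bob.smith@example-corp.com>
In-Reply-To: <thread-123@example-corp.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Attached is the draft with legal's comments.
--b2
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Content-Disposition: attachment; filename="Sales_Contract_v2.docx"

(binary omitted)
--b2--
"""

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def _auth_results(header):
    """Pull spf/dkim/dmarc verdicts and the DKIM signing domain from Authentication-Results."""
    found = {m.group(1): m.group(2).lower() for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header)}
    m = re.search(r"header\.d=([\w.-]+)", header)
    if m:
        found["dkim_domain"] = m.group(1).lower()
    return found

def looks_like_trusted(domain):
    """Return the trusted domain this one imitates (digit swap, or trusted name used as a subdomain), else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if domain.translate(_CONFUSABLES) == trusted or domain.startswith(trusted + "."):
            return trusted
    return None

def triage(raw):
    """Return the signals plus a list of human-readable flags for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = _domain(msg["From"].addresses[0].addr_spec)
    reply_domain = _domain(msg["Reply-To"].addresses[0].addr_spec) if msg["Reply-To"] else from_domain
    auth = _auth_results(str(msg.get("Authentication-Results", "")))
    result = {
        "from_domain": from_domain,
        # A DKIM 'pass' only counts when the signing domain is the From: domain (DMARC alignment).
        "dkim_aligned": auth.get("dkim") == "pass" and auth.get("dkim_domain") == from_domain,
        "reply_to_mismatch": reply_domain != from_domain,
        "impersonates": looks_like_trusted(from_domain) or looks_like_trusted(reply_domain),
        "macro_attachments": [p.get_filename() for p in msg.iter_attachments()
                              if (p.get_filename() or "").lower().endswith(MACRO_EXTENSIONS)],
    }
    flags = []
    if msg["In-Reply-To"] and from_domain not in TRUSTED_DOMAINS:
        flags.append(f"reply to an internal thread from outside domain {from_domain}")
    if not result["dkim_aligned"]:
        flags.append(f"From: claims {from_domain} but it did not authenticate: {auth}")
    if result["reply_to_mismatch"]:
        flags.append(f"Reply-To diverts answers to {reply_domain}, not {from_domain}")
    if result["impersonates"]:
        flags.append(f"lookalike of trusted domain {result['impersonates']}")
    if result["macro_attachments"]:
        flags.append("macro-capable attachment: " + ", ".join(result["macro_attachments"]))
    result["flags"] = flags
    result["suspicious"] = len(flags) >= 2  # one flag is noise; two together justify a phone call to the sender
    return result
```

Run `triage(PHISH_EML)` and `triage(LEGIT_EML)` to compare: the phish raises four flags, the genuine reply none. Note that a DKIM or SPF "pass" is not a green light on its own; an attacker who registered example-c0rp.com can sign mail from it perfectly well, which is why the check compares the authenticated domain against the trusted list rather than only reading the verdict.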
It's important to regularly check your forwarding rules to see whether your email is being forwarded without your knowledge. Most people never look at this setting if they don't use the feature themselves. Check both places it can hide: the mailbox-level forwarding setting and the individual inbox rules (Outlook rules or Gmail filters), since either one can quietly forward or redirect mail. Administrators should audit this across every mailbox rather than relying on each user to notice.
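One way to do that audit across many mailboxes, as an added example rather than code from the original article: export each mailbox's inbox rules and scan them for forwarding or redirection to addresses outside the organization. The sample rules below are constructed data shaped like the messageRule objects Microsoft Graph returns from a mailbox's inbox (displayName, isEnabled, and actions such as forwardTo, forwardAsAttachmentTo, redirectTo, delete and markAsRead); in Exchange Online the same information comes from Get-InboxRule, and the separate mailbox-level forward is visible in Get-Mailbox output. ORG_DOMAINS and every address in the sample are assumptions for the example. The audit ranks a rule higher when it also deletes or marks the message as read, because that is how an attacker keeps the victim from noticing the copy, and when the rule name is a bare "." or similar filler.

```python
"""Audit inbox rules for silent external forwarding (added example, not from the
original article; ORG_DOMAINS and SAMPLE_RULES are constructed)."""

ORG_DOMAINS = {"example-corp.com"}
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")

# Constructed sample shaped like Microsoft Graph messageRule objects
# (displayName, isEnabled, actions.forwardTo/forwardAsAttachmentTo/redirectTo/delete/markAsRead).
SAMPLE_RULES = [
    {   # benign: covers the inbox for a colleague inside the organization
        "displayName": "Cover while on leave",
        "isEnabled": True,
        "actions": {"forwardTo": [{"emailAddress": {"address": "bob.smith@example-corp.com"}}]},
    },
    {   # attacker pattern: near-empty name, external forward, and the copy is deleted so nothing shows
        "displayName": ".",
        "isEnabled": True,
        "actions": {
            "forwardAsAttachmentTo": [{"emailAddress": {"address": "archive.mailbox.1977@example-mail.net"}}],
            "delete": True,
            "markAsRead": True,
        },
    },
    {   # disabled external redirect: stale, but still worth a question
        "displayName": "Old vendor redirect",
        "isEnabled": False,
        "actions": {"redirectTo": [{"emailAddress": {"address": "orders@example-vendor.com"}}]},
    },
]


def external_targets(rule):
    """Return every forward/redirect address in the rule that lies outside ORG_DOMAINS."""
    out = []
    for action in FORWARD_ACTIONS:
        for recipient in rule.get("actions", {}).get(action, []):
            addr = recipient.get("emailAddress", {}).get("address", "").lower()
            if addr and addr.rsplit("@", 1)[-1] not in ORG_DOMAINS:
                out.append(addr)
    return out


def audit_rules(rules):
    """Return one finding per externally-forwarding rule, highest severity first."""
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if not targets:
            continue
        actions = rule.get("actions", {})
        name = rule.get("displayName", "")
        # Deleting or marking read hides the forwarded copy from the mailbox owner.
        hides_copy = bool(actions.get("delete") or actions.get("markAsRead"))
        odd_name = not name.strip(" ._-")   # ".", "..", " " are a common attacker tell
        if not rule.get("isEnabled", False):
            severity = "low"
        elif hides_copy or odd_name:
            severity = "high"
        else:
            severity = "medium"
        findings.append({"rule": name, "severity": severity, "targets": targets,
                         "hides_copy": hides_copy, "odd_name": odd_name})
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: rank[f["severity"]])
```

`audit_rules(SAMPLE_RULES)` returns the "." rule first as high severity and the disabled vendor redirect as low; the internal leave-cover rule produces no finding. Run it over the rule export of every mailbox, not just the one you know was breached, since the attacker may have used the first account to phish others in the thread.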
Get Better Email & Password Security Solutions Through BrainStomp
BrainStomp can help your business with effective email and password security features designed to fight the rise in phishing and keep you from suffering a costly attack.
Schedule a free consultation today! Call 260-918-3548 or reach out online.