Look Out for Reply Chain Phishing Attacks
Phishing not only still works, but is increasing in volume due to the shift to remote teams. Many employees now work from home. They do not have the same network protection as they do in the office.
It's true that people are generally more aware of phishing emails and know how to spot them than they were a decade ago. But it's also true that these emails are getting harder to spot as scammers evolve their tactics
One of the latest tactics is particularly difficult to detect. It is a reply-chain phishing attack.
Just about everyone is familiar with reply chains in emails. An email is copied to one or more people, one person replies, and that reply is inserted at the end of the new message. Then another person joins the conversation and replies to the same email.
Soon you have a chain of email responses on a particular topic. The individual replies are listed below the other so that everyone can follow the conversation.
You do not expect a phishing email to be hiding in this ongoing email conversation. Most people expect phishing to arrive as a new message, not as a message in an ongoing chain of replies.
The response chain phishing attack is particularly insidious because it does just that. It inserts a convincing phishing email into the running thread of an email response chain.
How does a hacker gain access to the conversation in the reply chain? By hacking the email account of one of the people copied in the email chain.
The hacker can mail from an e-mail address that the other recipients know and trust. He also has the advantage of being able to read the chain of replies. Thus, they can compose a reply that looks like it'll fit.
For instance, they may see that everyone has commented on a new product idea for a product called Superbug. So they send a reply that says, "I wrote down some thoughts on the new product Superbug, here's a link to see them."
The link leads to a malicious phishing website. The page might infect the visitor's system with malware or display a form to steal more credentials.
The response won't look like a phishing email at all. It'll be convincing because:
Business email compromise (BEC) is so widespread that it now has its own acronym. Weak and insecure passwords lead to email breaches. So do data breaches that expose databases of user logins. Both contribute to BEC being so widespread.
In 2021, 77% of organisations faced attacks on business email. This is an increase from 65% the year before.
Credential theft has become the leading cause of data breaches worldwide. So the likelihood of one of your company's email accounts being compromised at some point is quite high.
The response chain phishing attack is one of the ways hackers monetize BEC. They use it either to inject ransomware or other malware to steal sensitive data and sell it on the dark web.
Below are some ways you can reduce the risk of reply chain phishing in your organisation
This reduces the risk of employees reusing passwords in many applications. It also discourages them from using weak passwords, as they no longer have to remember them.
Set a system challenge (question or required code). If you use this for email logins from a foreign IP address, you can prevent your account from being compromised.
Mindfulness plays a big role in spotting anything that might be "wrong" in an email response. Many attackers make mistakes.
Have you protected your business email accounts enough to prevent an attack? Let the Onyx IT team know if you need help! We have email security solutions that can help you protect yourself better.
Article used with permission from The Technology Press.
T: 01603 414142
E: getintouch@onyx-it.co.uk
Onyx IT has been supported by New Anglia Local Enterprise Partnership through the Growing Business Fund