What’s a Reply-Chain Attack & Why Do I Need to Worry About It?

The number one vector criminals use to get access to organizations remains phishing. Once cybercriminals gain access to a network device through these phishing attacks, they deploy malware like ransomware or compromise business emails to get the company to wire money to them. These attacks can result in incredible losses for many businesses. 

The latest phishing technique, which has been making the rounds since the pandemic, is the reply-chain phishing attack.

What is a reply-chain attack?

Reply-chain phishing, sometimes called an email chain attack, is similar to thread-hijacking spam. In a reply-chain attack, malicious agents compromise your email account, log in as you, then sit back and monitor your emails. From there, they can figure out the command chain in the organization, such as who reports to whom, who has access to money, who can authorize wire transfers, and so on.

Because the conversations are between colleagues who inherently trust each other, the attackers can efficiently and effectively hijack one of the ongoing conversation threads, insert malware (typically as an attachment), and send it to the thread.

How it works

First, they log in to your account, since a reply-chain attack doesn’t work without access to a compromised email account. Then they look for an incredibly convincing thread, preferably one you’ve sent attachments to. So, when they (posing as you) send an attachment with malware, no one is the wiser.

Another trick that makes reply-chain attacks hard to spot is that they go into your email settings and set up rules that redirect emails from specific people containing particular words or attachments to your trash.

They also set up rules that send any email trying to notify the original account owner that they may have been hacked into the trash, so the original owner of the account remains ignorant of what’s happening. 
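The rule-based hiding described above can be checked for by reviewing a mailbox's rules. The following is an added example, not part of the original article: it flags rules that send mail to the trash based on warning keywords, specific senders or attachments. The rule layout, field names and sample data are hypothetical and constructed for illustration.

```python
# Audit exported mailbox rules for the hiding patterns described above.
# The rule layout (name / conditions / actions) is a hypothetical export
# format constructed for this example, not any mail product's schema.
TRASH_FOLDERS = {"trash", "deleted items", "junk email"}
# Word stems a colleague or a security notice would use to warn the owner.
ALERT_WORDS = ("hack", "compromis", "phish", "suspicious", "malware",
               "virus", "security alert", "did you send")

def audit_rule(rule):
    """Return the reasons a rule looks like concealment (empty if none)."""
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    folder = str(actions.get("move_to_folder", "")).strip().lower()
    hides = bool(actions.get("delete")) or folder in TRASH_FOLDERS
    if not hides:
        return []  # filing mail into an ordinary folder is normal behaviour
    reasons = []
    keywords = [k.lower() for k in conditions.get("keywords", [])]
    hits = sorted({k for k in keywords if any(w in k for w in ALERT_WORDS)})
    if hits:
        reasons.append("trashes warning mail matching: " + ", ".join(hits))
    if conditions.get("from"):
        reasons.append("trashes mail from specific senders: "
                       + ", ".join(sorted(conditions["from"])))
    if conditions.get("has_attachments"):
        reasons.append("trashes mail with attachments")
    if not conditions:
        reasons.append("trashes all incoming mail")
    return reasons

def audit_mailbox(rules):
    """Map rule name -> reasons, for every rule that was flagged."""
    found = ((r.get("name", "<unnamed>"), audit_rule(r)) for r in rules)
    return {name: reasons for name, reasons in found if reasons}

# Constructed sample export (all names and addresses are made up).
SAMPLE_RULES = [
    {"name": "Newsletters", "conditions": {"from": ["news@example.com"]},
     "actions": {"move_to_folder": "Newsletters"}},
    {"name": ".", "conditions": {"keywords": ["Hacked", "phishing", "invoice"]},
     "actions": {"move_to_folder": "Deleted Items"}},
    {"name": "cleanup", "actions": {"delete": True},
     "conditions": {"from": ["cfo@example.com"], "has_attachments": True}},
    {"name": "Old promos", "conditions": {"keywords": ["unsubscribe"]},
     "actions": {"move_to_folder": "Trash"}},
]

if __name__ == "__main__":
    for name, reasons in audit_mailbox(SAMPLE_RULES).items():
        print(f"{name!r}: " + "; ".join(reasons))
```

Flagged rules are findings to review with the account owner, since a user may have a legitimate rule that trashes mail from one sender.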

Why do I need to worry about a reply-chain attack?

A major reason to worry about these types of attacks is their effectiveness. The usual warning flags that help you identify a phishing attack are usually absent in reply-chain attacks. 

Even the most cautious and well-trained personnel fall for email reply chain attacks since they are usually well-crafted and free of grammatical errors common to regular phishing attacks. The fact that the reply is from a legitimate sender, not to mention it is part of an existing conversation, lends credibility to these attacks. This makes even the most cyber-security-aware personnel vulnerable to this technique.

How Can I Stay Safe from Reply-chain attacks?

Due to the indirect nature of this attack, it may seem impossible to protect against it, especially at first glance. Here are some tactics you can use to reduce the risk of falling victim to it at your Sturgeon Bay area business.

Turn Off Office Macros

The first security measure is always to keep your Microsoft Office macros turned off. Any document that asks you to turn on macros is a potential threat. Hackers use MS Office files that demand access to macros as a common attack vector.

Keep Your Operating System Updated

Update your operating system regularly. This helps to reduce the risk of a hacker gaining entry via a known vulnerability that hasn’t yet had an available patch applied to it.

Be Wary of Opening Any Attachment (Even from Known Emails)

Always pay attention to the type of file you’re opening and use an antivirus/anti-malware program that scans for malware. Use this even if you know the person that sent the email. It only takes a few additional seconds to run a file attachment through this scanning process.

Teach Employees to Be Aware

Most organizations carry out security awareness training, so workers know not to open emails from unknown senders. Unfortunately, with reply-chain attacks, the sender is someone you trust. This means employees need to be extra cautious when interacting with emails from trusted sources and need to understand that business email compromise (BEC) is a growing problem.

Protect Your Email Account from Being Breached

Protect your email account using 2FA and a strong password, and use a password manager to securely store your passwords. Encourage your colleagues and friends to do the same. Attackers can send messages from a victim’s account without them knowing using techniques like alternate inboxing. So, it’s your job to make it hard for them to compromise your email in the first place. 

If you see a suspicious-looking email, verify its authenticity by contacting the sender, preferably through a phone call. The sender should be able to confirm their activity. If they say they didn’t send the email, they should immediately change their password and contact the company’s IT team.

Get Great Email Security Solutions from Quantum Technologies 

Learn more about staying safe from the latest cyberattacks. Call us at (920) 256-1214 or use the contact form to reach out.