Reply-Chain Phishing Attacks

Phishing is a terrifying possibility for anyone. That’s because phishing is still the number one delivery vehicle for cyberattacks. According to Forbes, almost 80% of surveyed organizations were hit by ransomware attacks in 2021.


Malicious emails still work, and scammers are now using a tactic that makes them even harder to spot. This is known as a reply-chain attack: a convincing phishing message inserted into an ongoing email conversation. These messages look familiar, but they are designed to trick you into sharing confidential information.


Luckily, BetterWorld Technology is here to give you awareness and tips to avoid being a victim of phishing!


How Does a Hacker Gain Access to the Reply Chain?

A hacker may gain access to the reply chain by compromising the email account of one of the people copied on the email chain. From there, they can craft a very effective response sent from that person’s email address. Other details also make the reply look authentic, such as:

  • It’s from a colleague’s email address.

  • The address has already been involved in the conversation.

  • The email uses personalization and goes with the flow of the conversation naturally.


Business Email Compromise (BEC) Is on the Rise

With this new phishing technique, we believe that BEC is increasing, pushing the FBI to alert organizations. Statistics support this claim: SC Media reported 77% BEC attacks in 2021, 12% higher than in 2020. A combination of weak passwords and data breaches is a leading cause of this growing crime.


Network security protocols have not been constructed to prevent BEC attacks. Unfortunately, any company is at risk for credential theft. BetterWorld Technology is dedicated to protecting your organization with its cybersecurity services.


Tips for Avoiding Reply-Chain Phishing

Fortunately, there are ways to protect your employees and organization from the dangers of reply-chain phishing, such as:

  • Leveraging a Business Password Manager to avoid duplicate and weak passwords.

  • Requiring login verification, such as a code, when an account is accessed from a new device or IP address.

  • Educating your employees about cybersecurity issues and phishing attacks.
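
To make the second tip concrete, here is an added example (not BetterWorld Technology's code) of the decision a login service makes before asking for a verification code. The function names, the sample logins, and the choice to treat one /24 or /64 network as a single location are assumptions made for illustration.

```python
import ipaddress

# Assumption: addresses in the same /24 (IPv4) or /64 (IPv6) count as one
# location, so routine DHCP changes do not prompt on every login.
PREFIX = {4: 24, 6: 64}


def network_of(ip):
    addr = ipaddress.ip_address(ip)
    return str(ipaddress.ip_network(f"{addr}/{PREFIX[addr.version]}", strict=False))


def reasons_to_verify(known, account, device_id, ip):
    """Return why this login needs a verification code (empty list = none)."""
    devices, networks = known.get(account, (set(), set()))
    reasons = []
    if device_id not in devices:
        reasons.append("new device")
    if network_of(ip) not in networks:
        reasons.append("new IP address")
    return reasons


def replay(events):
    """Decide each constructed login; only a passed code enrols the context."""
    known, decisions = {}, []
    for account, device_id, ip, code_ok in events:
        reasons = reasons_to_verify(known, account, device_id, ip)
        if reasons and not code_ok:
            decisions.append("deny: " + ", ".join(reasons))
            continue
        if reasons:
            devices, networks = known.setdefault(account, (set(), set()))
            devices.add(device_id)
            networks.add(network_of(ip))
        decisions.append("allow after code" if reasons else "allow")
    return decisions


# Constructed sample: (account, device id, source IP, passed the code?)
SAMPLE = [
    ("ana@example.com", "laptop-1", "198.51.100.10", True),   # first login
    ("ana@example.com", "laptop-1", "198.51.100.77", True),   # same /24
    ("ana@example.com", "unknown-9", "203.0.113.5", False),   # password only
    ("ana@example.com", "unknown-9", "203.0.113.5", False),   # retry, still new
]

if __name__ == "__main__":
    print("\n".join(replay(SAMPLE)))
```

A failed code never enrols the device or network, so a stolen password alone keeps hitting the prompt on every retry.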


Start Protecting Your Email Account

Have you taken steps to ensure that your business email accounts are protected from breaches? Whether your business is in Georgia, California, or anywhere in the US or Toronto, our friendly team is willing to help secure your information.
