REPLY CHAIN PHISHING ATTACKS
Phishing is still the number one delivery vehicle for cyberattacks. Phishing not only continues to work, but the volume keeps increasing. Why has phishing continued to work so well? People are more aware of phishing emails, but cybercriminals continue to evolve their tactics. One of those tactics is the Reply-Chain Phishing attack.
Just about everyone is familiar with reply chains in email. An email is copied to one or more people, one replies, and that reply sits at the bottom of the new message. Then another person chimes in on the conversation, replying to the same email. Soon, you have a chain of email replies on a particular topic. The chain lists each reply one under the other so everyone can follow the conversation.
Most people expect phishing to arrive as a new message, not as a message included in an ongoing reply chain. Reply-chain phishing attacks exploit that expectation: they insert a phishing email into an ongoing thread of emails.
A few ways to lessen the risk of reply-chain phishing in your organization are to add multi-factor authentication on email accounts, teach employees to look for unusual email replies, and add a password manager so employees are less likely to use weak or repetitive passwords.