Reply-Chain Attacks: How Scammers Use Email to Compromise Your Business

Phishing attacks are particularly disastrous for businesses – hackers can disrupt internal operations, gain access to confidential data, and cause monetary loss – all of which can damage the reputation of your company. For this reason, several companies engage in training their staff on ways to identify potential phishing emails.

But, with scammers becoming smarter, phishing emails, or malicious emails, can still slip into your inbox undetected, and cause disastrous effects. One such method scammers use is reply-chain phishing, which is highly dangerous for businesses. To safeguard your business from falling victim to reply-chain attacks and similar scams, you need to be aware of how hackers can trick your employees by sending malicious links in group email chains.


What Exactly Is A Reply-Chain Phishing Attack?

Organizations often use reply chains for internal communication. This is especially useful for teamwork, as all the emails in a particular conversation are visible as a list to all recipients, and anyone can drop in new ideas or feedback. This particular scenario can leave organizations open to email breaches and sometimes from convincing phishing emails.

If a scammer gains access to any such email conversations, they can easily launch a reply-chain phishing attack. But how do they do it? Well, if they can breach the email account of any employee who is part of the email chain and gain access to their passwords, they can join in the ongoing email conversations by posing as that employee.

As long as the other participants believe the message is being forwarded by a member of their team, they won’t hesitate to open any shared links or attachments – and scammers use this to their advantage. Cases like this have become more common since the pandemic – for example, the retail giant IKEA fell victim to one such reply-chain phishing attack last year, and had to take company-wide action to thwart it. Without the proper training and strong network protections, a chain of replies, or ongoing thread, can pose a significant risk to a range of organizations. 


How Do Scammers Make It Work?

It is Sent as a Response to an Ongoing Email Conversation

As reply-chain phishing specifically targets ongoing email conversations, other users may not be able to identify it as a scam instantly. After all, no one would expect a sudden phishing email in the midst of a conversation that has been running for weeks. This phishing technique, therefore, has a higher chance of success.


The Email Comes from a Known Employee Account

Once a scammer hacks into an employee’s account, they can easily access their employee login credentials and interact with others on the network posing as the said employee. And as a bond of trust already exists among all the participants of a particular group email thread, it would seem just like a legitimate email response. But, once another user opens the links or attachments shared in such malicious emails, the scammer gains access to their accounts, too.


The Scammer Has Access to the Full Email Thread

The main reason why such phishing scams are successful is that the hacker gains access to the full email thread that an employee is part of. So, they can go through all the old conversations to identify the topic of discussion, as well as the personal emailing style of the employee whose account they have accessed.

Usually, such scammers monitor ongoing conversations to look for a suitable opportunity instead of launching an attack immediately. Then, they prepare a convincing email posing as the person whose account they have breached and add attachments or links that seem connected to the topic being discussed. As a result, other employees take the bait easily, all falling victim to the phishing attack.


Tips For Protecting Against Reply-Chain Phishing Attacks

Here are some prime tips to protect yourself, your company, and your assets. 


1. Always Keep Your Systems Updated

The most common way attackers can gain access to your account is by utilizing existing vulnerabilities in your system. But, once a service provider recognizes any such vulnerability, they immediately roll out new updates that help deal with it effectively to ensure maximum security. Therefore, keeping all your devices up to date can help lower the chances of you falling prey to a phishing attack.


2. Turn On Multi-Factor Authentication

Multi-factor authentication can stop scammers from gaining access to your account, even if they have your login credentials. As the scammer is unlikely to know about the verification code you have set up, they won’t be able to take over your account from another device. Make it a habit to turn on multi-factor authentication on every app and software that offers this feature.


3. Set Up Sign-In Alerts

Activating sign-in alerts can provide an extra layer of protection to your email accounts. This means that you will receive alerts on your phone every time you log in to your account on an unrecognized device. So, if you haven’t signed in to any new device but still receive an alert, you would instantly know that your account has been compromised and take steps to recover it.


4. Treat Email Attachments with Caution

Most leading email service providers have email filters or malware scanners that automatically identify and quarantine potentially dangerous emails. If you are sure that the message in question is from a genuine sender, you can then release the email from quarantine.

However, if the scammer uses the email address of a known employee, such emails won’t be flagged as malicious and may end up in your inbox disguised as a legitimate message. Therefore, no matter how trusted the source is, never open any attached items without first scanning them for viruses.


5. Spread Awareness Among Your Employees

With scammers inventing new ways to launch attacks on the internal servers of companies, businesses need to educate their employees on how to identify and thwart such attacks. Employee training programs underlining how scammers gain access to employee accounts and the steps one can take in such circumstances should be a norm for all companies.

employee dealing with supply-chain attack

6. Switch to More Secure Communication Channels

Instead of communicating important matters via internal emails, teams can shift to more secure communication channels, such as messaging apps. Many of these come with the option of creating group chats, making it easier to discuss work-related affairs without the fear of being targeted by phishing attacks.


Summing Up

With the number of reply-chain phishing attacks going up, securing business email accounts should be a top priority for all employees. Making yourself aware of such scams and taking precautionary measures to avoid the same is key to safeguarding your business.


Tech Masters helps businesses and organizations increase productivity and achieve more with individually tailored IT service solutions. We’re so sure you’ll be satisfied that we’re now offering a 3 Month Free Trial with our Enterprise MSP Program. Connect with us today. 

To learn more about reply-chain attacks, check out our frequently asked questions below. 






What are email reply-chain attacks?

Reply chain email attacks are targeted phishing attacks in which the hackers gain access to ongoing business email thread conversations and plant disguised malicious links or attachments there. These pose a great risk to the operations of a business.

Usually, the attacker starts by compromising the email account of one or more employees of the business they are targeting. They login to the said employee’s account and start monitoring existing conversations while waiting for an opportunity to slide in malicious links or attachments. As the other participants are unaware that an employee account has been breached, they are more likely to fall victim to the scam.


Can you be hacked by replying to an email?

No, merely replying to an email won’t get your account hacked. One of the most common ways hackers gain access to your account or information is by sending malicious links or attachments with viruses along with a seemingly harmless-looking email. And once you click the link or download the attachment, they gain access to your data and breach your account.

So, if you have received any such email and replied to it without downloading any attachments or accessing any link, your account is safe. To keep your account protected, confirm the source of all such emails before engaging with them.


What can a hacker do with your email address?

Your email address has a lot of value for hackers – it can help them access several additional details they can use to scam you. But how do they do it? Well, in this digital age, many people use their email accounts for their day-to-day work and monetary transactions. From emailing your colleagues to receiving account statements and shopping invoices – everything you do via email can turn into valuable sources of information in the hands of a hacker.

Once they know your email address, hackers can send targeted phishing emails with links that redirect to a fake login page. And as soon as you enter your credentials on that page, they gain access to your password too. They can now access your email contacts and send messages asking for sensitive information or monetary help.

As the message will be from your email, many of your contacts may not suspect foul play and provide the necessary details to the scammer. In addition, they may also gain access to financial information like credit card or bank account details and use it to withdraw a substantial amount from your account.


Our Locations

748 Market St. #203
Tacoma, WA 98402
PHONE: 253-565-0138

3055 NW Yeon Ave #610
Portland, OR 97210
PHONE: 503-746-9670

TOLL FREE: 833-648-6724

About Tech Masters

Tech Masters takes care of all your business’s IT problems before they happen, from emails and phones, to broken computers and unreliable servers.

Want new articles sent right to your inbox?
Subscribe to our Monthly Tech Guide.

More Blog Posts

These Everyday Objects Can Lead to Identity Theft

These Everyday Objects Can Lead to Identity Theft

You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time. What about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?Many everyday objects can lead to...

lawyers using legal technology to work with clients

Get the Monthly Tech Guide

Join hundreds of other business owners in the South Sound to receive the Monthly Tech Guide from Tech Masters! Each month we will send you our latest post and access to an exclusive tech guide. Sign up today!

You have Successfully Subscribed!