Almost everyone is familiar with reply chains in emails. An email is sent to one or more people and various people reply to it. They do not expect a phishing email to be hidden in this ongoing email conversation. Most people expect a phishing email as a new message, not as part of an ongoing reply chain.
In a reply-chain phishing attack, criminals use previously stolen legitimate email addresses to send an email reply with a malicious link or QR code. This email address belongs to the parties involved in an email conversation. This allows the hacker to email from an email address that the other recipients know and trust. The criminals also have the advantage of being able to read the chain of replies. This enables them to compose a highly appropriate response, enhancing the credibility of the reply. As a result, the recipient believes the response is from a trusted sender and is more likely to click on the link or open the attachment that the criminals have inserted via the stolen email account.
The following measures can reduce the risk of a reply-chain phishing attack:
- Use strong passwords and store them in a secure place, such as a password manager. This makes it more difficult for criminals to access your email account.
- Use caution when following a link sent via email or text message or scanned via a QR code.
- Never disclose your access credentials for your devices, email accounts, etc.
Further information on phishing can be found here.
