Remote Workers Targeted for Reply-Chain Phishing Attacks
Ding, you’ve received an email from your bank about last Sunday’s brunch in South Melbourne.
How good were the smashed pumpkin and poached eggs with pesto oil? And washed down with a Magic.
So why is the bank emailing you on Tuesday morning?
You read the email. As a precaution, the bank wants you to change your password due to increased fraud in South Melbourne.
You click the link and change your password.
And as simple as that, you have handed over your login details to your online banking.
After all, they knew you were in South Melbourne, or so you think.
You are the latest victim of phishing.
(Don’t confuse it with fishing, though it’s pronounced the same.)
As life returns to Covid-normal in Melbourne, hackers have increased their phishing attempts. According to a 2020 study, Australians lost over $851 million to online scams.
Many CBD employees continue working remotely or hybrid.
So cybercriminals have adapted their scams to take advantage of poor network protections.
For example, cybercriminals are stealing the login credentials of employees working remotely. Or they are launching a ransomware attack for a payout.
And they are planting spyware to steal sensitive personal or commercial information.
With one phishing email, an online scammer does it all.
Why does phishing continue to work so well? Why are Australians failing to see the warning signs in a phishing email?
In short, Australians are generally more aware of phishing emails and how to spot them than they were a decade ago. But as scammers have evolved their tactics, phishing has become harder and harder to spot.
Smashed avo was the go-to brunch dish in 2018. Brunch has evolved, as have the crooks.
One of the newest stealth tactics is hard to spot for the average Aussie.
It is the reply-chain phishing attack.
What is a Reply Chain Phishing Attack?
Local suburban streets are bustling with remote workers shopping and eating locally. And this has given cybercriminals the chance to change their tactics.
Whether you work from home in Caulfield, Cheltenham or Cairnlea, you receive emails on your laptop or smartphone.
And the one email most people know is a reply chain.
You send an email to one or more people, and someone replies, and that response sits at the bottom of the message thread. Then another person chimes in on the email, responding to the same thread.
And working at home, these reply chains are in full flight Monday morning about the footy.
You see, Geelong has eleven wins on the trot and the Magpies.
Soon, you have a chain of replies on a thread on a particular topic – hopefully, more than the footy. It lists each response under the other so each recipient can follow the topic of conversation.
No one is expecting a phishing email tucked inside that ongoing email thread.
Most people would expect phishing to come in as a new message, not a message included in an ongoing reply chain.
The reply-chain phishing attack is particularly sneaky because it does precisely that. It is inserted as a convincing email in an ongoing reply thread.
How Does a Hacker Gain Access to the Reply Chain?
A cybercriminal hacks the email account of one of the people copied in the email chain.
This is known as an account takeover.
The hacker can then email from an address that is not their own, but one the other recipients recognise and trust.
One of the ways they gain trust is by reading the email chain of replies.
And like that, they slip into the conversation.
And it works because you see the reply is from a trusted email address.
For example, they see that everyone has been discussing a new product idea. How to solve Melbourne’s growing disposable coffee cup waste issue.
So, they reply by saying, “I’ve come up with some thoughts on how to tackle marketing this product; here’s a link to see them.”
Without thinking, most people will click on the link.
After all, it’s from a trusted colleague.
And that’s what the hackers want you to think.
You click the link and land on a malicious phishing site. The redirected site might infect a user’s system with malware. Or present a form to complete and then steal login credentials.
The reply didn’t seem suspicious or raise concern.
But it works, and here’s why:
● It comes from your coworker’s email address. It has already been participating in the email conversation – remember you were talking about the footy?
● It may sound natural and refers back to the other messages.
● The hacker uses personalisation with actual names (which they have seen in the email trail). “So Matt, what’s going on with the Saints? Dropped the last two games?”
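One defensive check that follows from the points above: in a reply chain, a link is only as familiar as the thread that came before it. The added example below (not from the original post; all addresses, domains and messages are constructed) walks a thread in order and flags any reply that introduces a link to a domain no earlier message or sender in that thread has used, which is exactly the shape of the "here's a link to see them" reply described above.

```python
"""Thread-aware link check for reply-chain phishing (constructed example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample thread; names, addresses and domains are placeholders.
THREAD = [
    "From: Matt <matt@example.com.au>\nMessage-ID: <1@example.com.au>\n"
    "Subject: Coffee cup idea\n\nDraft deck is on https://drive.example.com.au/deck\n",
    "From: Sam <sam@example.com.au>\nMessage-ID: <2@example.com.au>\n"
    "In-Reply-To: <1@example.com.au>\nSubject: Re: Coffee cup idea\n\n"
    "Looks good, see https://drive.example.com.au/notes too.\n",
    # Reply sent from Sam's compromised account: same trusted address, new domain.
    "From: Sam <sam@example.com.au>\nMessage-ID: <3@example.com.au>\n"
    "In-Reply-To: <2@example.com.au>\nSubject: Re: Coffee cup idea\n\n"
    "I've come up with some thoughts on marketing: https://docs-share.example.net/view\n",
]


def link_domains(body):
    """Lower-cased hostnames of every http(s) URL found in a message body."""
    hosts = (urlparse(u).hostname for u in URL_RE.findall(body))
    return {h.lower() for h in hosts if h}


def flag_novel_links(thread):
    """Return (Message-ID, domain) pairs for replies whose links point to a
    domain that no earlier message in the thread (as link or sender) has used."""
    known = set()   # domains the thread has already established as familiar
    flagged = []
    for raw in thread:          # thread is assumed to be in chronological order
        msg = message_from_string(raw)
        body = msg.get_payload() if not msg.is_multipart() else ""
        sender_domain = parseaddr(msg.get("From", ""))[1].partition("@")[2].lower()
        domains = link_domains(body)
        if msg.get("In-Reply-To"):   # only replies can ride an existing chain
            for domain in sorted(domains - known):
                flagged.append((msg.get("Message-ID"), domain))
        known |= domains
        if sender_domain:
            known.add(sender_domain)
    return flagged
```

A flagged reply is a triage signal, not a verdict: a compromised account can just as easily link to a familiar file-sharing domain, so pair this with the account-side controls (MFA, password hygiene) listed later in the post.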
Business Email Compromise is Increasing
The most common tactic is to take advantage of weak and poor passwords.
Once the hackers have control of your email account, they can use it to access other parts of your network. This can lead to breaches of databases holding users’ login details, or to invoices being altered with changed contact and banking details.
Unfortunately, some cybercriminals go further and register domain names similar to trusted big businesses.
The hackers then impersonate the company and order expensive items like an iPhone.
The leading global cause of data breaches continues to be phishing.
Some might say Sydney stole the 2006 Grand Final from the Eagles by a point. Or you could say they took advantage of the premiership quarter. And like the Swans, treacherous hackers are ready to take advantage of you.
The reply-chain phishing attack is the most common way hackers compromise your business.
3 Ways to Reduce Risk of Reply-Chain Phishing
Here are three ways that you can reduce the risk of reply-chain phishing in your business today:
1. Use a Business Password Manager
This is the number one item you should look at, as it reduces the risk of staff reusing passwords across many apps and devices. In addition, it can help improve security as the employee only needs to remember one strong password. We include LastPass in our Managed Services plans. Check them out.
2. Multi-Factor Authentication for Email Accounts
Introduce a system challenge (question or required code). This will help stop logins from unknown IP addresses or virtual private networks (VPN).
3. Improve Employee Awareness
With remote working here to stay, Melbourne businesses need regular IT security training. Crooks make mistakes, and your employees are the back line of your defence.
How safe is your business from a phishing attack?
Do you have enough safeguards and protection to prevent your business from becoming the next victim?
Contact us to learn how email security solutions can better protect your business.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.