Email Reply Chain Attacks

Email Reply Chain Attacks

Do you think YOUR business could fall victim to an Email Reply Chain Attack?

As you will see in the video above, these attacks can happen to ANYONE, and the more protected your organization is, the better.

If you would like to find out how much exposure YOUR business has to these attacks, and, what you can do about it, Click the Orange button to perform your CyberSCORE Assessment and find out where your business could be at RISK.

Take our
CyberSCORE Assessment

Video Transcription

Hey everyone, Ross from Continuous Networks here.
I'm about to show you a really scary tactic that cybercriminals are using to try and hack your email and steal your data.
Don't go anywhere, because you don't want to miss this!

Have you ever been involved in one of those long email threads where everyone replies to all?
They're called email reply chains, and they're being used by cybercriminals to launch sneaky attacks on your email that are incredibly difficult to detect.
And here's how they do it.

Cybercriminals gain access to one of the recipients in the email thread using something called a business email compromise.
This means that they have access to that person's entire mailbox.
When that compromised individual becomes involved in one of these email reply chains.
The cybercriminal responds in the thread and sends a malicious attachment or a dangerous link.

Now naturally, if you're involved in one of these threads, you tend to let your guard down and make the assumption that everybody you're sending and receiving within the thread is safe.
And why wouldn't you?
Typically you know, everybody in the email chain that you're participating in…

But that's how they GET you!
They take advantage of the trust you have for other individuals in the supply chain and try and dupe you.

Here are some recommendations to help you in the fight against these sneaky reply chain attacks:

  1. Always practice extra caution and diligence whenever you're involved in any email correspondence with anybody outside of your company.
  2. Be sure your password is set to something that's at least 16 characters in length and includes letters, numbers, and symbols, and is not based on a dictionary word or name.
  3. If you use Ironscales, a service we strongly recommend for fighting against email phishing scams, be sure to pay attention to the notices it places at the top of your mailbox. And if you suspect something is phishing, even if it is inside of a trusted email reply chain, use that report phishing button in your Microsoft Outlook to report the message to us.
  4. Wherever possible, don't use Microsoft Office macros. Now I know many of you have to but these are highly common vectors in ransomware attacks.
  5. If you're not using an enterprise-class antivirus service known as XDR, like SentinelOne.
    And keep in mind there are different versions of Sentinel one that provides different levels of protection, then get this implemented immediately as it does an absolutely fantastic job of stopping malicious code that is hidden in email attachments and dangerous links.

As always, if you have any questions or concerns, please send our team an email to info@continuous.net.

And if you're a customer of ours, feel free to contact us via our service desk and we'll be more than happy to address your concerns.

Thanks and stay safe out there.

Ross Brouse

President, Continuous Networks

Ross has served the IT needs of businesses across NY and NJ for more than 15 years. He's also the host of the Legends Of I.T. Podcast, a show for dedicated I.T. Professionals to improve their skills and respective organizations each day.