Here is a really scary tactic that Cyber-Criminals are using to try and hack Companies / organization’s email and steal thier data.
Many Industries gets involved in one of those long email threads where everyone replies to ALL?
They are called Email Reply Chains and they are being used by Cybercriminals to launch sneaky attacks on their email that are incredibly difficult to detect.
Here’s how they do it.
Cybercriminals gain access to one of the recipients in the email thread using something called a Business Email Compromise.
This means they have access to that person’s entire mailbox.
When that compromised individual becomes involved in one of these Email Reply Chains, the cybercriminal responds in the thread and sends a malicious attachment or a dangerous link.
Naturally, when Company executive or members are involved in one of these threads, they tend to let their guard down and make the assumption that everything you are sending and receiving is safe.
And why wouldn’t they? Typically, they know everyone in the email chain you are participating in!
But that is how they get them.
They take advantage of the “TRUST” they have for the other individuals in the reply chain and try and DUPE them.
Here are some recommendations to help you in the fight against these sneaky reply chain attacks.
- ALWAYS PRACTICE EXTRA CAUTION AND DILIGENCE whenever they are involved in any email correspondence with anyone outside of their company.
- Be sure your password is set to something at least 16 characters in length and includes letters, numbers, symbols, and is not based on a dictionary word or name.
- If they use Ironscales (a service we STRONGLY recommend for fighting against email phishing scams), be sure to pay attention to the notices it places at the top of their mailbox and if you suspect something is phishing, even if it is inside of a “TRUSTED” email reply chain, use the “Report Phishing” button in Microsoft Outlook to report that message to us.
- Where possible, DO NOT use Microsoft Office Macros. These are a highly common attack vector for ransomware attacks.
- If companies are NOT using an enterprise-class Antivirus service known as XDR, like SentinelOne… and keep in mind there are different versions of SentinelOne that provide different levels of protection, then get this implemented immediately as it does an absolutely fantastic job of stopping malicious code that is hidden in email attachments and dangerous links.
If you are a customer of ours, feel free to contact us via our service desk and we’ll be more than happy to address your concerns.
Thanks, and stay safe out there.
Company Name: Continuous
Contact Person: Support
Email: Send Email
Phone: +1 (973) 218-5770
Address:1 Meadowlands Plaza, Suite 200
City: East Rutherford
State: NJ 07073
Country: United States