You Need to Watch Out for Reply-Chain Phishing Attacks


11th October 2022


Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.  

80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic. Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams. Many employees are now working from home. They don’t have the same network protections they had when working at the office.   

One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.   

What is a Reply-Chain Phishing Attack?

You don’t expect a phishing email tucked inside an ongoing email conversation between colleagues. Most people are expecting phishing to come in as a new message, not a message included in an existing reply chain.   

The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain. 

How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain. The hacker can email from an email address that the other recipients recognise and trust. The attacker also gains the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.   

They may see that everyone has been weighing in on a new product idea for a product called Superbug. So, they send a reply that says, “I’ve drafted up some thoughts on the new Superbug product, here’s a link to see them.” 

The reply won’t seem like a phishing email at all. It will be convincing because:  

  • It comes from an email address of a colleague. This address has already been participating in the email conversation.  
  • It may sound natural and reference items in the discussion.  
  • It may use personalisation. The email can call others by the names the hacker has seen in the reply chain.   
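A detection heuristic for the injected reply described above, as an added example that is not part of the original article: it flags any reply in an existing thread that introduces a link host which neither the thread nor its participants' mail domains have used before. The heuristic, the helper names, and the sample addresses, Message-IDs and domains are all constructed assumptions, and the code assumes single-part plain-text messages.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def link_hosts(msg):
    """Hostnames of http(s) links in a single-part plain-text body."""
    hosts = (urlsplit(u).hostname for u in URL_RE.findall(msg.get_payload()))
    return {h for h in hosts if h}

def participant_domains(msg):
    """Mail domains of everyone in From/To/Cc."""
    fields = sum((msg.get_all(h, []) for h in ("From", "To", "Cc")), [])
    return {a.rsplit("@", 1)[1].lower() for _, a in getaddresses(fields) if "@" in a}

def is_known(host, known):
    # A host counts as known if it equals, or is a subdomain of, a known domain.
    return any(host == d or host.endswith("." + d) for d in known)

def flag_new_link_replies(raw_messages):
    """Return (Message-ID, host) for replies whose links point somewhere the thread has not."""
    seen, alerts = {}, []          # seen: thread root Message-ID -> known domains
    for raw in raw_messages:       # messages in delivery order
        msg = message_from_string(raw)
        refs = (msg.get("References") or msg.get("In-Reply-To") or "").split()
        root = refs[0] if refs else msg["Message-ID"]
        known = seen.setdefault(root, set())
        known |= participant_domains(msg)
        hosts = link_hosts(msg)
        if msg.get("In-Reply-To"):
            alerts += [(msg["Message-ID"], h) for h in sorted(hosts) if not is_known(h, known)]
        known |= hosts
    return alerts

def _mk(mid, sender, body, refs=""):  # builds one constructed sample message
    hdr = [f"From: {sender}", "To: team@example.com", f"Message-ID: {mid}", "Subject: Superbug"]
    if refs:
        hdr += [f"In-Reply-To: {refs.split()[-1]}", f"References: {refs}"]
    return "\n".join(hdr) + "\n\n" + body + "\n"

# Constructed thread: the third message is the injected reply described above.
THREAD = [
    _mk("<1@example.com>", "alice@example.com", "Spec: https://wiki.example.com/superbug"),
    _mk("<2@example.com>", "bob@example.com", "Looks good to me.", "<1@example.com>"),
    _mk("<3@example.com>", "carol@example.com",
        "I've drafted up some thoughts: https://files.example.net/superbug-notes",
        "<1@example.com> <2@example.com>"),
]
```

A hit is a reason to look closer at the sender's account, not proof of compromise, since colleagues legitimately share new links in replies.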

Tips for Addressing Reply-Chain Phishing   

Here are some ways that you can lessen the risk of reply-chain phishing in your organisation:  

  • Use a Business Password Manager  
  • Put Multi-Factor Controls on Email Accounts  
  • Teach Employees to be Aware  

Business Email Compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins.


Microminder is the leading strategic IT business partner in the dental sector – we have been proudly supporting the dental community for over three decades.  

We pride ourselves on building lasting relationships with our clients where they trust us with their IT strategy, implementation and ongoing support, allowing them to focus on patient care.  

Our solutions, IT Support, Managed Services & VoIP Telephony are cost effective and inspired by the latest technology, underpinned by market-leading technology partners such as Microsoft, Datto and Software of Excellence.   

Microminder’s experts are passionate about technology and are always on hand to support and guide you, so please get in touch today:   

Call us on 0208 799 6883 or follow us on social media. 
