What is a reply-chain email attack?


A reply chain email attack is an attack in which an attacker gains unauthorized access to a legitimate email account and sends an email containing malware or a dangerous link within the thread of an existing conversation.

Reply chain mail attacks start with the hijacking of an email account.

Hackers use information from previous successful exploits, credential dumps, or credential stuffing or password spraying attacks to gain access to email accounts and observe threads of conversation, looking for opportunities to insert malware or compromised links into the flow of that conversation.

This technique is particularly effective because the recipient of the email already trusts the person at that point.

The attacker does not join the email conversation as an external participant, but sends the email from the legitimate account of the original participant.

Since the attacker can see the entire thread of the email, he can write the spam email according to the content of the previous conversation. Since the recipient already trusts the sender, they are more likely to click on anything that appears to belong to the conversation, even if it contains malicious attachments or dangerous links.

In order to hide the fact of intrusion and traces of their actions from the account owner, hackers often use a separate inbox to receive mail.

For example, an attacker can use a rule in the email client to route certain emails to a different folder (such as the Trash folder, which is less likely to be seen by the account owner) instead of the regular inbox. Using this technique, if person A replies to a phishing email sent from person B's account, the reply will be routed to a different folder and person B will not notice it.

Alternatively, after hijacking the account, the hacker can change the settings of the email client so that emails from a particular person are forwarded to a different account.

Another technique to avoid being noticed by the account owner is to create a rule that scans incoming emails for keywords such as “phishing” or “hacking” and either deletes the incoming email or auto-responds with a canned response. This prevents suspicious or concerned co-workers from reaching the account owner with emails like “Have you been hacked?”
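The three hiding techniques above (routing a sender's mail to Trash, forwarding it to another account, and deleting or auto-answering mail that contains warning keywords) all leave a mailbox rule behind that a defender can audit. The following is an added example, not code from the original page: the rule schema, the function names, the sample rules and the keyword and folder lists beyond "phishing", "hacking" and Trash are assumptions made for illustration.

```python
# Audit exported mailbox rules for the three hiding techniques described above.
# The rule schema (name / conditions / actions) is a hypothetical export format.

ALARM_KEYWORDS = {"phishing", "hacking", "hacked", "compromised"}   # assumed list
HIDDEN_FOLDERS = {"trash", "deleted items", "junk", "junk email"}   # assumed list


def audit_rule(rule, org_domain):
    """Return a list of findings for one rule; an empty list means nothing flagged."""
    findings = []
    cond = rule.get("conditions", {})
    act = rule.get("actions", {})
    keywords = {k.lower() for k in cond.get("subject_or_body_contains", [])}
    hits = sorted(keywords & ALARM_KEYWORDS)
    folder = (act.get("move_to_folder") or "").lower()
    hides = act.get("delete", False) or folder in HIDDEN_FOLDERS
    # Technique 1: mail from a chosen sender never reaches the inbox.
    if hides and cond.get("from"):
        findings.append("hides mail from specific senders: " + ", ".join(cond["from"]))
    # Technique 3: warnings from co-workers are deleted or auto-answered.
    if hits and (hides or act.get("auto_reply")):
        findings.append("suppresses warning keywords: " + ", ".join(hits))
    # Technique 2: mail is copied to an account outside the organisation.
    for addr in act.get("forward_to", []):
        if not addr.lower().endswith("@" + org_domain.lower()):
            findings.append("forwards to external address: " + addr)
    return findings


def audit_mailbox(rules, org_domain):
    """Map rule name -> findings for every rule with at least one finding."""
    audited = ((r["name"], audit_rule(r, org_domain)) for r in rules)
    return {name: found for name, found in audited if found}


# Constructed sample rules, for illustration only.
SAMPLE_RULES = [
    {"name": "newsletters", "conditions": {"from": ["news@vendor.example"]},
     "actions": {"move_to_folder": "Newsletters"}},
    {"name": ".", "conditions": {"from": ["a@partner.example"]},
     "actions": {"move_to_folder": "Trash"}},
    {"name": "fwd", "conditions": {"from": ["a@partner.example"]},
     "actions": {"forward_to": ["drop@mailbox.example"]}},
    {"name": "cleanup", "conditions": {"subject_or_body_contains": ["Phishing", "hacked"]},
     "actions": {"delete": True}},
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES, "corp.example").items():
        print(name, "->", "; ".join(findings))
```

A flagged rule is a lead to review with the account owner rather than proof of compromise, since users also create rules that move or forward mail for ordinary reasons.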
