Email Reply Chain Attacks

Monday, March 14, 2022

Here is a really scary tactic that Cyber-Criminals are using to try and hack your email and steal your data.

Have you ever been involved in one of those long email threads where everyone replies to ALL?

They are called Email Reply Chains and they are being used by Cybercriminals to launch sneaky attacks on your email that are incredibly difficult to detect.

Here’s how they do it.

Cybercriminals gain access to one of the recipients in the email thread using something called a Business Email Compromise.

This means they have access to that person’s entire mailbox.

When that compromised individual becomes involved in one of these Email Reply Chains, the cybercriminal responds in the thread and sends a malicious attachment or a dangerous link.

Naturally, when you are involved in one of these threads, you tend to let your guard down and make the assumption that everything you are sending and receiving is safe.

And why wouldn’t you? Typically, you know everyone in the email chain you are participating in!

But that is how they get you.

They take advantage of the “TRUST” you have for the other individuals in the reply chain and try and DUPE you.


Here are some recommendations to help you in the fight against these sneaky reply chain attacks.

  1. ALWAYS PRACTICE EXTRA CAUTION AND DILIGENCE whenever you are involved in any email correspondence with anyone outside of your company.

  2. Be sure your password is set to something at least 16 characters in length and includes letters, numbers, symbols, and is not based on a dictionary word or name.

  3. If you use Ironscales (a service we STRONGLY recommend for fighting against email phishing scams), be sure to pay attention to the notices it places at the top of your mailbox and if you suspect something is phishing, even if it is inside of a “TRUSTED” email reply chain, use the “Report Phishing” button in your Microsoft Outlook to report that message to us.

  4. Where possible, DO NOT use Microsoft Office Macros. These are a highly common attack vector for ransomware attacks.

  5. If you are NOT using an enterprise-class Antivirus service known as XDR, like SentinelOne… and keep in mind there are different versions of SentinelOne that provide different levels of protection, then get this implemented immediately as it does an absolutely fantastic job of stopping malicious code that is hidden in email attachments and dangerous links.


If you are a customer of ours, feel free to contact us via our service desk and we’ll be more than happy to address your concerns.

Thanks, and stay safe out there.

Scroll to Top