What is a Reply Chain Attack?

Reply chain phishing involves cybercriminals infiltrating email threads by posing as legitimate senders or recipients. Using a compromised account, the attackers exploit existing email conversations, often from trusted contacts, to deceive users into disclosing confidential information or initiating fraudulent transactions. By inserting themselves into ongoing discussions, these malicious actors gain credibility and increase the likelihood of their phishing attempts succeeding.

How to Identify a Reply Chain Phishing Attack:

1. Unusual Requests: Be wary of unexpected requests within email threads, especially those related to financial transactions, sensitive data, or login credentials.
2. Mismatched Email Addresses: Check sender details for any inconsistencies, such as unfamiliar addresses or slight variations in domain names.
3. Suspicious Links and Attachments: Exercise caution when encountering links or attachments in emails, particularly if they prompt immediate action or seem out of context.
4. Generic Greetings or Signatures: Beware of emails lacking personalized greetings or signatures, as these could indicate automated phishing attempts.
5. Urgent Language: Phishing emails often employ urgent language to pressure recipients into swift responses or actions. Take a moment to verify the legitimacy of such messages.
6. Unsolicited Information Requests: Be cautious of emails requesting sensitive information or login credentials without prior confirmation through alternative channels.

Remember, if you're unsure about the legitimacy of any email DO NOT click on links or download attachments. Instead, report it to security@ubc.ca immediately.

Go even further: review top tips to prevent falling for a phishing attack.