reply chain email attacks

What are reply chain email attacks?

Remember those chain letters you used to receive that promised untold wealth if you sent the required copies, and untold terror if you didn’t? Well, other than being similarly aggravating, reply-chain email attacks aren’t at all like that!

A reply-chain email attack is a form of cyberattack that involves a phishing email tucked inside an ongoing email conversation (your ‘reply chain’). While typical phishing attacks attempt to parody a sender with a forged address, this more sophisticated attack hijacks a legitimate email correspondence chain and inserts a phishing email into the existing email conversation.

How do email reply chain cyber attacks work?

This technique, also known as ‘reply-chain phishing’ or ‘thread hijack spamming’, begins with hackers (using various methods) gaining access to one or more email accounts within an organisation. Once they’re ‘in’, cybercriminals can begin monitoring conversation threads for opportunities to infiltrate ongoing chains of conversation with ransomware/malware or links to a form to steal more login credentials.

Why are reply chain attacks so dangerous?

This sophisticated form of cyberattack works particularly well because:

  • The attacker can read a conversation trail and more convincingly pose as a member of the email chain, referencing items in the discussion and calling others by name.
  • The reply in the thread comes from a colleague’s email address – likely a co-worker that the email recipients know and trust, and who has previously been participating in the email conversation. 
  • Employees are not expecting malicious activity embedded in the middle of an ongoing discussion; their normal ‘phishing radar’ is not necessarily operative.  

How can you protect against reply chain phishing?

Best practice?

Firstly, ensure there is no re-use of passwords within your business. All accounts should have unique (strong!) passwords and should ideally be backed by multi-factor authentication

Secondly, and perhaps even more importantly, your employees need to be brought up to cyber-secure speed with regular, ongoing awareness training. Your staff should be trained to treat any email – even those within ongoing chains – with caution, particularly if they’re furnished with links or attachments. Your security training can also include the mandated use of other internal communication platforms – such as Slack or Microsoft Teams – to check the legitimacy of any emails that seem suspect.

How strong are your email account protections?

Remember, it can take businesses months or even years to recover from a successful cyberattack. You do not want your business to become a phishing statistic! If you’re not 100% certain that you have enough protection in place on your business email accounts to prevent a breach, please give us a call! Geelong Technology Group can provide email cybersecurity solutions that can keep you – and your sensitive business data – better protected.

Give us a call to find out more on 1300 GET GTG (1300 438 484) or stop by our showroom at 166 Francis St, Belmont.

managed IT services

Starting a new business 101

Let’s for a moment assume you have the business idea (the kind of idea that comes along once in a lifetime). You’ve done your market research and chosen a business model. You’re ready for the going-solo responsibility and you’ve transcended the existential fear. Essentially, you’ve just about got all your ducks in a row to become an SMB owner. But what now? What tasks need to be ticked off to ensure not only that your business is a success, but also that it will be ready to run smoothly from the get-go?


Note: It’s important to clarify that there is no one-size-fits-all model for starting a new business, but the following steps will help to organise your ideas and iron out important details.

1. Write your business plan

There are 1000s of books and websites that will help you construct a business plan, but know that this is not a step you want to miss. A strong business plan sets out what you want to achieve and how you’re going to achieve it. Your business plan should address the problem(s) your business solves, your target audience(s), SWOT analysis and a financial plan. In writing your business plan, you should also choose your business structure – whether you’re planning on being a sole trader, a company, a partnership etc.

2. Choose a business name and register your business

Your business name is important! If you choose well, your business name will quickly identify who you are, what you do, and the image that you’re communicating, as well as help your customers find you online. The very best names are descriptive, different, short and snappy – not necessarily an easy recipe – but worth taking the time over.


Once you’ve chosen your name, you’ll need to register it (unless your business name is the same as your own name). You’ll also need to apply for an ABN. Depending on the nature of your business, you may also need to attend to tax registration, look into any licences or permits (such as a restaurant or café licence, for instance, or a licence to discharge trade waste) and possibly protect your business name with a trade mark.

3. Prepare your business finances

This will include setting up a business bank account, applying for financing or grants, and securing investors (if necessary). It will also involve learning how to organise your finances – managing your cash flow, your budget, your payments and invoices. It may help to secure the services of a bookkeeper or to invest in an accounting software package.

4. Purchase your business hardware and software

This is (what we consider!) the fun part. Whether you’re starting small, or hitting the ground huge, you’re going to need some tech. Purchasing the right equipment for your needs now – and with an eye toward future growth – is imperative. From desktops, printers and landline phones for the office, to laptops, tablets and mobiles for out-and-about business, you’ll want your tech investments to work smart for your company.


Other IT options to consider when starting a business include how you’ll access the internet, networking capabilities, cloud storage and cybersecurity solutions. Geelong Technology Group can help you with these – we even offer managed IT services!

5. Sort out your business admin

Starting a business is no small feat, and just as it takes a village to raise a child, so too it can take some outsourcing to raise and support a successful SMB. Beyond items that you’ll need to organise – such as business insurance – some business administration items that you can consider sending out-of-house (but still tethered firmly as part of your ‘team’) include managed IT services, accounting, and digital marketing and promotion.

Contact Geelong Technology Group for all your new business IT needs

As Geelong’s best business IT support company, we’re here to help seed and grow your business! We can advise you on the best tech to suit your requirements. We can build the best IT network solution for your situation. And we can provide ongoing support in the form of managed IT services and cybersecurity monitoring. 


Servicing Geelong, the Bellarine Peninsula, the Surf Coast and surrounding regions, GTG are your business IT specialists: contact our experienced team on 1300 GET GTG (1300 438 484) or email and let’s get working together!