A phishing reply test differs from a standard phishing test in that it encourages users to respond to the test email in writing rather than open a link or an attachment.
The most basic form of phishing reply test takes the form of “please send me X”, where the attacker requests information they don’t have access to. A more advanced test uses back-and-forth replies to establish an ongoing dialogue before asking for information or directing the recipient to a link or an attachment.
By starting a dialogue with the victim, an attacker can build a rapport with them. This raises the chance of a successful attack by establishing trust and a sense of familiarity, and by leveraging the rules of reciprocity.