Cybercriminals are increasingly relying on email auto-forwarding rules to disguise their presence inside compromised email accounts, according to recent FBI reporting. Successful business email compromise (BEC) resulted in more than 1.7 billion in worldwide losses in 2019. The FBI has warned US businesses about this abuse of email forwarding rules.
A sophisticated scam
Use of web-based email applications has increased during the COVID-19 pandemic, and cybercriminals are taking advantage of this by implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities. Auto-forwarding email rules allow the owner of an email address to set up or update rules that forward an incoming email to another address when certain criteria are met. The FBI defines BEC as a sophisticated scam targeting businesses that perform electronic payments such as wire or automated clearing house (ACH) transfers.
The FBI explained the vulnerability:
“The web-based client’s forwarding rules often don’t sync with the desktop client, limiting the visibility of rules to cybersecurity administrators. Cybercriminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).”
For mitigation, the FBI recommends:
- Ensure both the desktop and web app are running the same version
- Be wary of last-minute changes in established email account addresses
- Carefully check email addresses for slight changes
- Enable multi-factor authentication for email accounts
- Add an email banner to messages coming from outside your organization
- Enable security features that block malicious email
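Because the forwarding rules created in the web client may never appear in the desktop client, the practical way to find them is to hunt in the mail platform's own audit trail rather than in a user's Outlook rule list. The script below is an added example written for this article, not code from the FBI advisory or from any mail vendor: it reads audit records shaped like Microsoft 365 Unified Audit Log entries for inbox-rule and mailbox changes (New-InboxRule, Set-InboxRule, Set-Mailbox), extracts every address the rule forwards or redirects to, and flags rules that send mail outside the organisation's own domains. The sample records, the INTERNAL_DOMAINS set and the exact field layout are constructed assumptions; in use you would feed it records exported from your own audit log.

```python
"""Flag mailbox rules that auto-forward or redirect mail to external addresses.

Input: JSON-lines records modelled on Microsoft 365 Unified Audit Log entries
for Exchange mailbox-rule operations. Everything below is constructed sample
data for this example; the field names follow the audit-log layout as an
assumption and should be checked against a real export.
"""
import json
import re

# Assumption: the organisation's own mail domains. Anything else is "external".
INTERNAL_DOMAINS = {"example.com"}

# Operations that can introduce forwarding, and the parameters that carry targets.
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed audit records: one external forward that also deletes the original,
# one forward to an internal recipient (recorded as a legacy Exchange DN), one
# mailbox-level SMTP forward set outside the rules engine, and one benign rule.
SAMPLE_LOG = r'''
{"CreationTime":"2020-11-25T08:12:03","Operation":"New-InboxRule","UserId":"alice@example.com","ObjectId":"Invoices","Parameters":[{"Name":"Name","Value":"Invoices"},{"Name":"SubjectContainsWords","Value":"invoice;payment"},{"Name":"ForwardTo","Value":"[\"archive@mail-relay.invalid\"]"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2020-11-25T08:30:44","Operation":"New-InboxRule","UserId":"bob@example.com","ObjectId":"Team copy","Parameters":[{"Name":"Name","Value":"Team copy"},{"Name":"ForwardTo","Value":"[\"/o=ExchangeLabs/ou=Exchange Administrative Group/cn=Recipients/cn=teamlead\"]"}]}
{"CreationTime":"2020-11-25T09:40:17","Operation":"Set-Mailbox","UserId":"carol@example.com","ObjectId":"carol@example.com","Parameters":[{"Name":"Identity","Value":"carol@example.com"},{"Name":"ForwardingSmtpAddress","Value":"smtp:carol.personal@webmail-example.invalid"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
{"CreationTime":"2020-11-25T10:02:51","Operation":"Set-InboxRule","UserId":"dave@example.com","ObjectId":"Newsletters","Parameters":[{"Name":"Identity","Value":"Newsletters"},{"Name":"MarkAsRead","Value":"True"}]}
'''


def load_records(text):
    """Parse JSON-lines audit export into a list of dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def extract_addresses(value):
    """Pull SMTP addresses out of a parameter value.

    Internal recipients are often logged as Exchange legacy DNs with no '@',
    so they yield nothing here and are never treated as external.
    """
    return [m.group(0).lower() for m in EMAIL_RE.finditer(str(value))]


def is_external(address):
    """True when the address domain is not one the organisation owns."""
    return address.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def analyze_records(records):
    """Return one finding per record that forwards or redirects mail externally."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        if op not in RULE_OPS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        external = []
        for name in FORWARD_PARAMS:
            if name in params:
                external.extend(a for a in extract_addresses(params[name]) if is_external(a))
        if not external:
            continue
        # A rule that forwards and then deletes the original hides the evidence
        # from the mailbox owner, so rate it higher than a plain forward.
        deletes = str(params.get("DeleteMessage", "")).lower() == "true"
        findings.append({
            "time": rec.get("CreationTime"),
            "actor": rec.get("UserId"),
            "object": rec.get("ObjectId"),
            "operation": op,
            "external_targets": sorted(set(external)),
            "severity": "high" if deletes else "medium",
        })
    return findings


def main():
    for f in analyze_records(load_records(SAMPLE_LOG)):
        print(f"[{f['severity']}] {f['time']} {f['actor']} {f['operation']} "
              f"'{f['object']}' -> {', '.join(f['external_targets'])}")


if __name__ == "__main__":
    main()
```

Run against the constructed data it reports Alice's invoice rule as high severity (external forward plus DeleteMessage) and Carol's mailbox-level SMTP forward as medium, while Bob's forward to an internal recipient and Dave's mark-as-read rule produce nothing. Checking Set-Mailbox as well as the inbox-rule operations matters because mailbox-level forwarding never shows up in the rules list of either client.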