Security News > 2020 > December > FBI Warns of Auto-Forwarding Email Rules Abused for BEC Scams
The Federal Bureau of Investigation has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate business email compromise schemes.
Cybercriminals are exploiting the mass shift to telework during the COVID-19 pandemic to conduct malicious operations, including BEC scams that are more likely to succeed due to the targeting of an email rule forwarding vulnerability.
According to the FBI, the attackers are able to conceal their activity through auto-forwarding rules implemented on victims' web-based email clients, but which often do not sync with the desktop client, thus hiding the malicious rules from security administrators.
"If businesses do not configure their network to routinely sync their employees' web-based emails to the internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email application. This leaves the employee and all connected networks vulnerable to cyber criminals," the FBI warns.
To stay protected, organizations should ensure web and desktop email clients are synced; email addresses are not altered; multi-factor authentication is enabled for all accounts; automatic forwarding of emails to external addresses is prohibited; unnecessary legacy email protocols are eliminated; emails coming from external addresses are flagged; and malicious emails are blocked.