Criminals Funnelling Money From Businesses In Sophisticated Email Scam
Criminals are exploiting auto-forwarding rules to help successfully funnel money using Business Email Compromise (BEC) attacks, the FBI warns.
The COVID-19 pandemic, which prompted a mass shift to telework among many businesses around the world, has resulted in an increased use of web-based email applications.
According to FBI reporting, cyber criminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities. The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cyber security administrators.
Cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC). BEC schemes resulted in more than $1.7 billion in worldwide losses reported to the Internet Crime Complaint Center (IC3) in 2019.
The FBI is sharing this information to inform companies of this email rule forwarding vulnerability, which may leave businesses more susceptible to BEC.
During an incident in August 2020, the hackers created three auto-forwarding rules within an email account used by a company in the manufacturing industry.
The first rule auto-forwarded any email using the financial terms “bank”, “payment”, “invoice”, “wire” or “check” to the cyber criminal’s email address.
The FBI drew up a list of ways businesses can mitigate the risk of falling victim to BEC scams, including:
- Ensure both the desktop and web applications are running the same version to allow appropriate syncing and updates.
- Be wary of last-minute changes in established email account addresses.
- Carefully check email addresses for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients’ names.
- Enable multi-factor authentication for all email accounts.
- Prohibit automatic forwarding of email to external addresses.
- Frequently monitor the Email Exchange server for changes in configuration and custom rules for specific accounts.
- Create a rule to flag email communications where the “reply” email address differs from the “from” email address.
- Add an email banner to messages coming from outside your organization.
- Consider the necessity of legacy email protocols, such as POP, IMAP, and SMTP, that can be used to circumvent multi-factor authentication.
- Ensure changes to mailbox login and settings are logged and retained for at least 90 days.
- Enable security features that block malicious email, such as anti-phishing and anti-spoofing policies.
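The following script is an added example, not code from the article or the FBI notice, showing how an administrator could hunt for the inbox-rule pattern described in the August 2020 incident and apply the "prohibit automatic forwarding to external addresses" mitigation in Exchange Online. It assumes the ExchangeOnlineManagement PowerShell module, an account with rights to read mailboxes and inbox rules and to change remote-domain settings, and uses the five financial terms quoted above as its keyword list; the "external recipient" and "financial keyword" heuristics are this example's own, not an FBI-specified detection.

```powershell
# Added example: enumerate inbox rules and mailbox-level forwarding across an
# Exchange Online tenant, flag the pattern described in the incident
# (forwarding/redirect to outside addresses, rules keyed on financial terms,
# rules that also delete the message), then block external auto-forwarding.
# Assumptions: ExchangeOnlineManagement module is installed; the signed-in
# account can read mailboxes/inbox rules and run Set-RemoteDomain.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline                      # interactive sign-in

# Every accepted domain of the tenant counts as internal; anything else is external.
$internalDomains = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() }

# Financial terms used by the first rule in the August 2020 incident.
$financialTerms = @('bank', 'payment', 'invoice', 'wire', 'check')

function Test-ExternalRecipient {
    # Recipient entries render as "Display Name [SMTP:user@domain]" or as a bare
    # address; extract every domain after '@' and report if any is not internal.
    param([string[]]$Recipients)
    foreach ($r in $Recipients) {
        foreach ($m in [regex]::Matches($r, '@([A-Za-z0-9.-]+)')) {
            if ($internalDomains -notcontains $m.Groups[1].Value.ToLower()) { return $true }
        }
    }
    return $false
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

    # Mailbox-level forwarding (Set-Mailbox) is not an inbox rule and is easy to miss.
    if ($mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress
            Rule    = '<mailbox forwarding>'
            Enabled = $true
            Reason  = "ForwardingSmtpAddress=$($mbx.ForwardingSmtpAddress)"
        }
    }

    foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity) {
        $reasons = @()

        # Any of the three actions that move a copy of the mail somewhere else.
        $targets = @($rule.ForwardTo; $rule.ForwardAsAttachmentTo; $rule.RedirectTo) |
                   Where-Object { $_ }
        if (Test-ExternalRecipient $targets) { $reasons += 'forwards/redirects to an external address' }

        # Keyword conditions matching the terms seen in the incident.
        $words = @($rule.SubjectContainsWords; $rule.BodyContainsWords; $rule.SubjectOrBodyContainsWords) |
                 Where-Object { $_ }
        $hits  = $words | Where-Object { $financialTerms -contains "$_".ToLower() }
        if ($hits) { $reasons += "conditions on financial terms: $($hits -join ', ')" }

        # Deleting the message after forwarding hides the activity from the owner.
        if ($rule.DeleteMessage) { $reasons += 'deletes the message' }

        if ($reasons) {
            [pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress
                Rule    = $rule.Name
                Enabled = $rule.Enabled
                Reason  = $reasons -join '; '
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Mitigation from the list above: refuse automatic forwarding to every external
# domain at the tenant level. This stops both inbox rules and mailbox-level
# forwarding from delivering mail outside the organisation.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
```

Run the enumeration first and review the findings with the mailbox owners before applying the `Set-RemoteDomain` change, since it also breaks legitimate external forwarding. The same rule creations and edits show up in the unified audit log as `New-InboxRule`, `Set-InboxRule` and `UpdateInboxRules` operations (the last for rules created from the Outlook client), which `Search-UnifiedAuditLog -Operations` can pull for the retention window recommended above; the script is a point-in-time check, whereas the audit log shows who created the rule and when.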