Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Email Attackers Using Auto-Forwarding Rules to Perpetrate BEC Scams
  • Cyber Attacks
  • Data Breach

Email Attackers Using Auto-Forwarding Rules to Perpetrate BEC Scams

5 years ago David Bisson
Email Attackers Using Auto-Forwarding Rules to Perpetrate BEC Scams

U.S. law enforcement learned that email attackers are using auto-forwarding rules to help them to perpetrate Business Email Compromise (BEC) scams.

In a Private Industry Notification published on November 25, the FBI revealed that some BEC scammers are now updating the auto-forwarding rules in the web-based client of an email account they’ve compromised.

The FBI explained this tactic is predicated on the hope that administrators did not actively sync the web and desktop email clients of the victim organization, thereby limiting visibility into malicious activity:

While IT personnel traditionally implement auto-alerts through security monitoring appliances to alert when rule updates appear on their networks, such alerts can miss updates on remote workstations using web-based email. If businesses do not configure their network to routinely sync their employees’ web-based emails to the internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email application. This leaves the employee and all connected networks vulnerable to cyber criminals.

Indeed, attackers can use auto-forwarding rules to send copies of all incoming messages to an account under their control.

They can then inject themselves into conversations involving vendor payments and other financial transactions in order to perpetrate a BEC scam. This type of attack caused $1.7 billion in losses in 2019, according to the FBI’s 2019 Internet Crime Report.

The FBI went on to add that a system audit might not pick up on the auto-forwarding rules if it doesn’t audit both the desktop and web-based clients.

Subsequently, email attackers could maintain access to a compromised account’s emails even after a financial institution or law enforcement has warned an organization that they might have been a victim of a potential BEC attack.

News of this technique highlights the need for organizations to defend themselves against business email compromise attacks. They can do this by following these best practices.

The post ” Email Attackers Using Auto-Forwarding Rules to Perpetrate BEC Scams” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Goverment, Phishing, TripWire

Continue Reading

Previous Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years
Next iPhone Bug Allowed for Complete Device Takeover Over the Air

More Stories

  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

7 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

9 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

9 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

13 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach

Securing the Mid-Market Across the Complete Threat Lifecycle

13 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

16 hours ago [email protected] (The Hacker News)

Recent Posts

  • Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
  • OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
  • Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
  • ⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
  • Securing the Mid-Market Across the Complete Threat Lifecycle

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT