FBI Warns of Email Forwarding Rules Being Abused in Recent Hacks (zdnet.com)

The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules in order to disguise their presence inside hacked email accounts. From a report: In a PIN (Private Industry Notification) alert sent last week and made public today, the FBI says the technique has been seen and abused in recent BEC (Business Email Compromise) attacks reported over the summer. The hackers' technique relies on a feature found in some email services called "auto-forwarding email rules." As its name implies, the feature allows the owner of an email address to set up "rules" that forward (redirect) an incoming email to another address if a certain criteria is met. Threat actors absolutely love email auto-forwarding rules as they allow them to receive copies of all incoming emails without having to log into an account each day -- and be at risk of triggering a security warning for a suspicious login.
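
The summary above describes rules that forward incoming mail to another address. As an added example (not from the FBI PIN, the ZDNet report or Slashdot), the Python below audits an exported list of mailbox rules for forwarding to domains outside the organisation. The field names, the `example.com` internal domain and the sample rules are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the organisation owns; their subdomains count as internal.
INTERNAL_DOMAINS = {"example.com"}

# Constructed sample export of mailbox rules. Field names are hypothetical;
# map them from whatever your mail service's rule export actually contains.
SAMPLE_RULES = [
    {"mailbox": "ap@example.com", "name": "Archive", "enabled": True,
     "conditions": {"from": "billing@example.org"},
     "forward_to": ["Finance <finance@mail.example.com>"]},
    {"mailbox": "ap@example.com", "name": ".", "enabled": True,
     "conditions": {}, "forward_to": ["collector@example.net"]},
    {"mailbox": "cfo@example.com", "name": "Invoices", "enabled": True,
     "conditions": {"subject_contains": ["invoice", "payment"]},
     "redirect_to": ["cfo@example.com.mailbox.test"]},
    {"mailbox": "hr@example.com", "name": "old", "enabled": False,
     "conditions": {}, "forward_to": ["someone@example.org"]},
]

def is_internal(address, internal=INTERNAL_DOMAINS):
    """True if the address's domain is an internal domain or a subdomain of one."""
    domain = parseaddr(address)[1].rpartition("@")[2].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal)

def audit_rules(rules, internal=INTERNAL_DOMAINS):
    """Return one finding per rule that sends mail outside the organisation."""
    findings = []
    for rule in rules:
        targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
        # Unparseable targets are treated as external so they get reviewed.
        external = [t for t in targets if not is_internal(t, internal)]
        if external:
            findings.append({
                "mailbox": rule["mailbox"],
                "rule": rule["name"],
                "external_targets": external,
                # No conditions means every incoming message is copied out.
                "forwards_everything": not rule.get("conditions"),
                "enabled": rule.get("enabled", True),
            })
    # Enabled rules first; within each group, catch-all rules first.
    findings.sort(key=lambda f: (not f["enabled"], not f["forwards_everything"]))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

The suffix match on `"." + domain` is what keeps a look-alike such as `example.com.mailbox.test` from passing as internal.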
  • Thanks a lot FBI, for letting us know about things like this that have only been a problem for a couple decades.
    • "Thanks a lot FBI, for letting us know about things like this that have only been a problem for a couple decades."

      They should have waited another year, then it's email's 50th birthday.

      I guess some of their snappy young whippersnappers fell for some old dog's trick.

    • Thanks a lot FBI, for letting us know about things like this that have only been a problem for a couple decades.

      The intended target for that information is pretty clear from the article:

      FBI RECOMMENDS SYNCING EMAIL ACCOUNT SETTINGS
      FBI officials say that the technique is still making victims in corporate environments because some companies don't forcibly sync email settings for the web-based accounts with desktop clients.

      This, in turn, limits "the rules' visibility to [a company's] cyber security administrators," and the company's security software, which may be configured and capable of detecting forwarding rules, but may remain blind to new rules until a sync occurs.

      The FBI PIN -- a copy of which is available here -- contains a series of basic mitigations and solutions for system administrators to address this particular attack vector and prevent future abuse.

      The FBI PIN comes after the FBI reported earlier this year that BEC scams were, by far, the most popular form of cybercrime in 2019, having accounted for half of the cybercrime losses reported last year.

      What would you have them do instead?

  • Pedantry (Score:4, Informative)

    by dtmos ( 447842 ) * on Wednesday December 02, 2020 @05:15PM (#60787366)

    a certain criteria

    For those for whom English is not a first language, this is incorrect, as "criteria" is plural, and the "a" requires a singular noun.

    It should read, "a certain criterion".

    Yours in pedantry,

    dtmos.

  • No mention as to how the cyber criminals got control of the web client.
