The FBI is warning organizations in the U.S. about the risks posed by email auto-forwarding rules. According to a Private Industry Notification (PIN) from the FBI’s Cyber Division, threat actors are exploiting auto-forwarding rules on victims’ web-based email accounts to launch business email compromise (BEC) attacks. The agency stated that the sudden shift to remote working has increased the risk of email scams.
“The FBI is sharing this information to inform companies of this email rule forwarding vulnerability, which may leave businesses more susceptible to BEC,” the notification stated.
What are BEC Attacks?
In a BEC attack, cybercriminals first steal legitimate business email account credentials, which they later use to run financial fraud campaigns: fraudulent email messages, requests for out-of-channel funds transfers, and deleted accounting trails. After obtaining employee credentials, BEC actors create auto-forwarding rules within the email accounts to reduce the victims’ ability to notice the fraudulent communications.
How to Mitigate BEC Attacks?
The FBI recommended certain security measures to defend against evolving BEC attacks. These include:
- Ensure both the desktop and web applications are running the same version to allow appropriate syncing and updates.
- Be wary of last-minute changes to established email account addresses.
- Carefully check the email addresses for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients’ names.
- Enable multi-factor authentication for all email accounts.
- Prohibit automatic forwarding of email to external addresses.
- Frequently monitor the Email Exchange server for changes in configuration and custom rules for specific accounts.
- Create a rule to flag email communications where the “reply” email address differs from the “from” email address.
- Add an email banner to messages coming from outside your organization.
- Consider the necessity of legacy email protocols, such as POP, IMAP, and SMTP, that can be used to circumvent multi-factor authentication.
- Ensure changes to mailbox login and settings are logged and retained for at least 90 days.
- Enable security features that block malicious emails, such as anti-phishing and anti-spoofing policies.
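The monitoring recommendations above (watch for custom rules and configuration changes, prohibit forwarding to external addresses) can be turned into a simple detection. The following Python is an added example, not code from the FBI notice or this article: it scans audit records for inbox rules or mailbox settings that forward mail to a domain the organization does not own, and notes when the rule also deletes the original message. The record layout only approximates Exchange Online unified-audit-log entries, and the domains, users and addresses are constructed for the example.

```python
import re

# Domains this organization owns (constructed for the example); forwarding to
# any other domain is treated as external.
INTERNAL_DOMAINS = {"example.com"}
# Exchange cmdlet parameters that forward or redirect mail elsewhere, and the
# audit-log operations that carry them.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")  # matches inside "[SMTP:a@b]"


def external_addresses(value):
    """Return the addresses in a parameter value whose domain we do not own."""
    return [a for a in ADDRESS_RE.findall(value)
            if a.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS]


def find_external_forwarding(records):
    """Flag audit records that create or change forwarding to an external domain."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: str(p.get("Value", "")) for p in rec.get("Parameters", [])}
        for name in sorted(FORWARDING_PARAMS.intersection(params)):
            for addr in external_addresses(params[name]):
                findings.append({
                    "user": rec.get("UserId"), "operation": rec["Operation"],
                    "parameter": name, "destination": addr,
                    # Deleting the message as well hides the forwarded mail from
                    # the mailbox owner, the pattern the FBI notice describes.
                    "deletes_copy": params.get("DeleteMessage", "").lower() == "true",
                })
    return findings


# Constructed records shaped like Exchange Online unified-audit-log entries.
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com", "Parameters": [
        {"Name": "ForwardTo", "Value": "[SMTP:finance@example.com]"}]},       # internal, fine
    {"Operation": "New-InboxRule", "UserId": "bob@example.com", "Parameters": [
        {"Name": "ForwardTo", "Value": "[SMTP:bob.invoices@mail-drop.example]"},
        {"Name": "DeleteMessage", "Value": "True"}]},                           # external + hidden
    {"Operation": "Set-Mailbox", "UserId": "admin@example.com", "Parameters": [
        {"Name": "Identity", "Value": "carol"},
        {"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@other-example.org"}]},
    {"Operation": "MailItemsAccessed", "UserId": "dave@example.com", "Parameters": []},
]
```

Running `find_external_forwarding(SAMPLE_RECORDS)` returns two findings, the hidden external rule on bob's mailbox and the admin-set forwarding address on carol's; the internal rule and the unrelated access event are ignored.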
The FBI also highlighted that BEC scams accounted for more than $1.7 billion in reported worldwide losses in 2019. The agency urged users to report information concerning suspicious or criminal activity to the FBI’s 24/7 CyWatch.