CYBER – FBI warns of email forwarding rules being abused in recent hacks (OODA)

The US FBI released a Private Industry Notification (PIN) last week claiming that cybercriminals are exploiting email forwarding rules to maintain anonymity and hide their presence on hacked email accounts. The PIN was made public yesterday and contains valuable information about how the technique is being actively used in recent business email compromise (BEC) attacks this year. The tactic relied on a feature in certain email services called auto-forwarding email rules. This allows the owner of an email address to create rules for forwarding emails to different addresses.

This makes it easy for threat actors to monitor accounts as they change the auto-forwarding rules to include copies of all incoming emails, sent to an address controlled by the attacker. This allows them to go undetected and eliminates the issue of having to log into a compromised account each day and risk triggering a security warning. Both nation-state hacking groups and cybercrime operators have been abusing auto-forwarding rules for years, however, the FBI report highlights a recent spike in the technique.

Read More: FBI warns of email forwarding rules being abused in recent hacks

Marco Emanuele
Marco Emanuele è appassionato di cultura della complessità, cultura della tecnologia e relazioni internazionali. Approfondisce il pensiero di Hannah Arendt, Edgar Morin, Raimon Panikkar. Marco ha insegnato Evoluzione della Democrazia e Totalitarismi, è l’editor di The Global Eye e scrive per The Science of Where Magazine. Marco Emanuele is passionate about complexity culture, technology culture and international relations. He delves into the thought of Hannah Arendt, Edgar Morin, Raimon Panikkar. He has taught Evolution of Democracy and Totalitarianisms. Marco is editor of The Global Eye and writes for The Science of Where Magazine.

Latest articles

Related articles