The FBI is warning US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise (BEC) attacks.
This warning was issued through a joint Private Industry Notification (PIN) sent on November 25 and coordinated with DHS-CISA.
BEC scammers are known for using social engineering, phishing, or hacking to compromise business email accounts with the end goal of redirecting future or pending payments to bank accounts under their control.
The FBI’s Internet Crime Complaint Center (IC3) also issued a Public Service Announcement (PSA) in September 2019 warning that BEC scams are continuing to grow every year, with victim complaints totaling over $26 billion in exposed dollar loss between June 2016 and July 2019, and a 100% rise in the identified global exposed losses between May 2018 and July 2019.
IC3 also revealed in the 2019 Internet Crime Report that BEC was the cybercrime type with the highest reported total victim losses in 2019, as it reached around $1.8 billion in individual and business losses during the last year alone.
The PIN, labeled “TLP: WHITE,” provides details on how fraudsters successfully compromised businesses in BEC scams and on how auto-forwarding email rules are being used to collect information and limit the victims’ capability to detect the fraudulent activity.
BEC scammers used email rules added to the targets’ web-based email clients to hide their activity while impersonating employees or business partners.
“According to recent FBI reporting, cybercriminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities,” the FBI said.
“The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators.”
The FBI also provides information on two attacks from August 2020 where BEC scammers made use of web-based email forwarding rules to target US-based manufacturing and medical equipment companies.
In both cases, the attackers were able to successfully hide their activity from the companies’ security teams by automatically forwarding all incriminating emails to the attackers’ mail accounts.
This allowed them to impersonate other vendors and request that payments for services rendered be sent to bank accounts under their control.
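A defender-side check for the forwarding rules described above, as an added example that is not part of the FBI notification or the original article: it reviews a server-side export of mailbox rules and flags any rule that forwards to addresses outside the organisation's domains. The JSON field names, the sample records and the `example.com` organisation domain are constructed assumptions, not a vendor schema.

```python
import json
from email.utils import parseaddr

# Constructed sample export; the field names are assumptions, not a vendor schema.
SAMPLE_EXPORT = """[
 {"mailbox": "ap@example.com", "rule": "Vendor filing", "enabled": true,
  "forward_to": ["archive@example.com"],
  "conditions": {"subject_contains": ["invoice"]}},
 {"mailbox": "cfo@example.com", "rule": ".", "enabled": true,
  "forward_to": ["Collector <inbox7@mail.example.net>"], "conditions": {}},
 {"mailbox": "hr@example.com", "rule": "old", "enabled": false,
  "forward_to": ["x@example.org"], "conditions": {"from": ["a@b.example"]}}
]"""

def domain_of(address):
    """Lower-cased domain of 'Name <user@dom>' or 'user@dom'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def is_internal(domain, org_domains):
    """Exact or subdomain match only, so 'notexample.com' is not internal."""
    return any(domain == d or domain.endswith("." + d) for d in org_domains)

def audit_rules(rules, org_domains):
    """Return one finding per rule that forwards outside the organisation."""
    findings = []
    for rule in rules:
        # Anything that does not match an organisation domain counts as external.
        external = [a for a in rule.get("forward_to", [])
                    if not is_internal(domain_of(a), org_domains)]
        if external:
            findings.append({
                "mailbox": rule["mailbox"], "rule": rule["rule"],
                "external": external, "enabled": rule.get("enabled", True),
                # No conditions means every incoming message is forwarded.
                "forwards_all": not rule.get("conditions"),
            })
    # Triage order: enabled rules first, then unconditional ones.
    findings.sort(key=lambda f: (not f["enabled"], not f["forwards_all"]))
    return findings

if __name__ == "__main__":
    for f in audit_rules(json.loads(SAMPLE_EXPORT), {"example.com"}):
        print(f)
```

The input has to come from the mail service itself rather than from a desktop client view, since the notification quoted above says web-client rules often do not sync to the desktop client.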
The FBI also warned private industry partners of threat actors abusing both Microsoft Office 365 and Google G Suite in BEC attacks in two separate notifications [1, 2].
“The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds,” the FBI said in a PIN sent on March 3.
The victims are redirected via large-scale phishing campaigns to phishing kits capable of identifying the “service associated with each set of compromised credentials” and displaying the correct user interface.
Using information harvested from compromised cloud email accounts, the scammers impersonate employees of the compromised businesses to insert themselves in communications with other vendors to redirect payments to bank accounts they control.
They also collect and exfiltrate contacts from infiltrated email accounts, to be used later in other phishing attacks to compromise more businesses, thus making it a lot easier to pivot to other targets within the same or related industry sectors.
Even though both Google G Suite and Microsoft Office 365 come with security features that can help block BEC scam attempts, many of them have to be manually configured and toggled on by an organization’s IT administrators or security teams.
Because of this, “small and medium-size organizations, or those with limited IT resources, are most vulnerable to BEC scams,” according to the FBI.
The FBI advises IT admins to take the following measures that could block BEC attacks:
Users can also follow these recommendations to defend against BEC scammers: