The FBI has warned businesses of the threat posed by cybercriminals who create auto-forwarding rules on their victims’ web-based email services, in an attempt to make them more susceptible to Business Email Compromise.
Business Email Compromise is an American name for fraud where hackers send an email message that appears to come from a known source making a legitimate request but ends up with the recipient being defrauded.
e.g. the hackers manage to get the email address and details for a solicitor conducting a house sale and email their customers asking for payment to be made to a new bank account (controlled by the criminals).
Or a hacker spoofs the email address of the company CEO to instruct a ledger clerk to transfer some company money to a new bank account.
Email Auto Forward Rules
With many email systems you can create rules that automatically move emails to folders or mark emails or delete messages from specified senders or auto forward emails containing specified keywords then delete them, for example.
The criminals use a variety of methods to get access to email systems, the most common being the sending of phishing messages to get the victims to enter their email credentials into a fake website page believing it is something to their benefit e.g. a free prize draw.
With access to the email, they setup rules that, for example, will auto forward any incoming message with the keywords ‘bank’, account’, ‘payment’ or ‘money’ then delete the messages.
The hackers hope this will give them emails containing enough information to be able to create matching fake emails and send those to the relevant companies asking for money to be transferred or to change the bank details for a payment due etc.
The hackers continue this until someone realises their payments are going astray.
If you have any experiences with these scams do let me know, by email.