U.S. law enforcement learned that email attackers are using auto-forwarding rules to help them to perpetrate Business Email Compromise (BEC) scams.
In a Private Industry Notification published on November 25, the FBI revealed that some BEC scammers are now updating the auto-forwarding rules in the web-based client of an email account they’ve compromised.
The FBI explained this tactic is predicated on the hope that administrators did not actively sync the web and desktop email clients of the victim organization, thereby limiting visibility into malicious activity: