Even with increased cyber awareness, threat actors continue to gain access to companies’ networks through human error. Employees may click on a link in a phishing email or threat actors may gain access through passwords found on the dark web. Once they gain access to the network, threat actors use existing email rules and forwarding to monitor client and vendor communications, obtain banking & wire transfer information, and collect personal identifiable information (“PII”). If email rules are not monitored, a cybercriminal may remain in a company’s system, undetected, for an extended period.
WHAT ARE EMAIL FORWARDING RULES?
Email Forwarding Rules allow an email account user to automatically redirect incoming emails to a separate account. This feature is a convenient tool for users and is utilized often in a business setting. For example, if a person will be out of the office for vacation or an extended period, they may forward their emails to a colleague in their absence. Cybercriminals use this feature to forward incoming emails to a separate folder or email account. Not only does this provide the attacker with intelligence for a subsequent broader attack, but it may also provide the cybercriminal with PII of other potential victims. In addition, the cybercriminal may have access to the emails even if the user turns on multi-factor authentication (“MFA”) or changes their password.
WHAT IMPACT COULD EMAIL FORWARDING RULES HAVE ON YOUR BUSINESS?
Once a threat actor gains access to a company’s email system, commonly referred to as a Business Email Compromise (“BEC”), they may access PII of your employees, vendors, and clients. Compromises may require forensic investigation to determine what individuals and regulators will need notification. BECs can be expensive and detrimental to a company; this is often only the beginning of a larger attack.
WHAT MAY HAPPEN NEXT?
HOW CAN YOUR COMPANY AVOID THIS TYPE OF ATTACK?
Cybercriminals continue to grow in sophistication. Companies can improve their defenses through detection and prevention.
Laura Kerns
Senior Claim Consultant