The US Federal Bureau of Investigation (FBI) says that it is getting more common for cyber-criminals to use email forwarding rules in order to disguise themselves inside hacked email accounts.
The FBI sent out a PIN (Private Industry Notification) alert last week, which was made public yesterday, which said that the technique has been seen and abused in BEC (Business Email Compromise) attacks reported throughout the summer. The technique relies on a feature found in a number of email services called “auto-forwarding email rules.” This feature allows the email address owner to set up “rules” that forward incoming emails to another address if a defined criterion is met.
This method is widely used by malicious actors as it allows them to receive copies of incoming emails without needing to be logged in to an account, mitigating the risk of triggering a security warning for a suspicious login.