FBI warns of new coronavirus email auto-forwarding scam

Topic: FBI warns of new coronavirus email auto-forwarding scam

Criminals taking advantage of the COVID-19 pandemic are turning to a new email scamming technique.

Scammers are exploiting auto-forwarding rules to boost the success rate of so-called Business Email Compromise (BEC) attacks, the FBI said in a statement.

This allows cybercriminals to better conceal their scamming activities, the FBI said, adding that scammers are doing this as the COVID-19 pandemic necessitates more telework, another factor increasing the likelihood of success.

The news was first reported by Bleeping Computer.

In a typical business email scam, a criminal spoofs, or mimics, a legitimate email address. Often, the message appears to be from within the company or from a client. The scammer typically requests a payment, wire transfer or gift card purchase that, if successful, funnels the money to a criminal organization, as described by the FBI.

Business email schemes resulted in more than $1.7 billion in worldwide losses, according to the FBI’s Internet Crime Complaint Center (IC3) in 2019.

In the recent cases cited by the FBI, the vulnerability occurs because the client’s forwarding rules “often do not sync with the desktop client” limiting cybersecurity professionals’ ability to track criminal activity, the FBI said.

“Cybercriminals then capitalize on this… to increase the likelihood of a successful business email compromise,” the notification added.

In August, cybercriminals created auto-forwarding email rules on the recently upgraded web client of a U.S.-based medical equipment company.

“The webmail did not sync to the desktop application and went unnoticed by the victim company, which only observed autoforwarding rules on the desktop client,” the notification said.

After the criminals gained access to the network, they impersonated a known international vendor. They also created a website similar to the victim’s “to further increase the likelihood of payment,” the FBI said, among other ruses to fool the victim. The criminals ended up stealing $175,000.

In another version of the scam, the IC3 in 2019 saw an increase in the number of business email complaints related to the diversion of payroll funds.

“In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period,” the FBI said. The requested change then routes the employee’s paycheck to a criminal.

Recommended ways to reduce the likelihood of these scams include being watchful for last-minute changes in established email account addresses, checking email addresses for slight changes that can make fraudulent addresses appear legitimate, enabling multifactor authentication for all email accounts, and prohibiting automatic forwarding of email to external addresses, according to the FBI.

Topic Discussed: FBI warns of new coronavirus email auto-forwarding scam