[Reading time: 2 minutes]


I recently mentioned that email auto-forwarding is a common back door used by cyber criminals to retain access to your inbox.

In case you didn’t believe me, here’s a quote from an FBI alert on the subject:

“Cyber criminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities. [They] create auto-forwarding rules within email accounts after they obtain employee credentials to decrease the victims’ ability to observe fraudulent communications.”


What does this mean?

By setting up auto-forwarding in your email account:

  • The criminals will receive a copy of every email that gets sent to you.
  • They will never need to log into your email account again.
  • This will continue, even when you change your password or log out of all sessions.
  • You won’t know that this is happening (because emails will still get to your inbox).
  • And best of all, you won’t see their ‘replies’ to the original sender.


What could this mean?

Just receiving a copy of all your emails may be enough to cause a serious problem – More on this in a future email.

But they may go further and use this as an opportunity to fool someone who trusts you:

  1. The criminals could create an email address that looks very similar to yours.
  2. They will use this to ‘reply’ to someone who sent you an email.
  3. Because the criminals’ email address looks very similar to your real one, this increases the likelihood that this person will be fooled into thinking that they are in a conversation with you.
  4. So, when ‘you’ ask for payment of an invoice to ‘your’ new bank account, they may be fooled into doing it.

The FBI notification mentions one case where the criminals got away with $175,000.


So what?

This alert was issued by the FBI over two years ago.

And unfortunately, the FBI notification suggests it may be complicated to see all of the email forwarding rules that are currently in use.

So, if you haven’t started to work with your IT provider to check whether email auto-forwarding is happening in your organisation, now is the time to get started.


PS The FBI has recommended specific actions to reduce the risks, including the old reliables:

  • Multi-Factor Authentication: Protecting your email accounts with Multi-Factor Authentication makes it difficult and time-consuming for cyber criminals to gain access to your email accounts in the first place.
  • Staff Training: Educating and reminding your staff about what to watch out for so they are less likely to be fooled makes it even more difficult for the poor criminals.


Finalising your 2022 accruals?

If you plan to improve your cybersecurity defences soon and you are currently seeking ways to accrue unspent 2022 budget before the end of the year, let me know.

We could very quickly agree an engagement scope and get started before 31 December.

This may enable you to accrue for this in your 2022 accounts (I am not an accountant so confirm this with your Finance team!).