FBI warns of new coronavirus email auto-forwarding scam

Criminals taking advantage of the COVID-19 pandemic are turning to a new email scamming technique.

Scammers are exploiting auto-forwarding rules to boost the success rate of so-called Business Email Compromise (BEC) attacks, the FBI said in a statement.

This allows cybercriminals to better conceal their scamming activities, the FBI said, adding that scammers are doing this as the COVID-19 pandemic necessitates more telework, another factor increasing the likelihood of success.  

The news was first reported by Bleeping Computer

In a typical business email scam, a criminal spoofs, or mimics, a legitimate email address. Often, the message appears to be from within the company or from a client. The scammer typically requests a payment, wire transfer or gift card purchase that, if successful, funnels the money to a criminal organization, as described by the FBI.

Business email schemes resulted in more than $1.7 billion in worldwide losses, according to the FBI’s Internet Crime Complaint Center (IC3) in 2019.

In the recent cases cited by the FBI, the vulnerability occurs because the client’s forwarding rules “often do not sync with the desktop client” limiting cybersecurity professionals’ ability to track criminal activity, the FBI said.

“Cybercriminals then capitalize on this… to increase the likelihood of a successful business email compromise,” the notification added.

In August, cybercriminals created auto-forwarding email rules on the recently upgraded web client of a US-based medical equipment company.

“The webmail did not sync to the desktop application and went unnoticed by the victim company, which only observed autoforwarding rules on the desktop client,” the notification said.

After the criminals gained access to the network, they impersonated a known international vendor. They also created a website similar to the victim’s “to further increase the likelihood of payment,” the FBI said, among other ruses to fool the victim. The criminals ended up stealing $175,000.

In another version of the scam, the IC3 in 2019 saw an increase in the number of business email complaints related to the diversion of payroll funds.

“In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period,” the FBI said. The requested change then routes the employee’s paycheck to a criminal.

Recommended ways to reduce the likelihood of these scams include being watchful for last-minute changes in established email account addresses, checking email addresses for slight changes that can make fraudulent addresses appear legitimate, enabling multifactor authentication for all email accounts and prohibiting automatic forwarding of email to external addresses, according to the FBI.

All countries
138,807,528
Total confirmed cases
Updated on April 14, 2021 11:38 pm
Italy
3,809,193
Total confirmed cases
Updated on April 14, 2021 11:38 pm
Spain
3,387,022
Total confirmed cases
Updated on April 14, 2021 11:38 pm
Iran
2,143,794
Total confirmed cases
Updated on April 14, 2021 11:38 pm
Germany
3,064,382
Total confirmed cases
Updated on April 14, 2021 11:38 pm

Latest Updates

Without Backpackers to Pick Them, Crops Rot by the Ton in Australia

SHEPPARTON, Australia — Peter Hall ran a hand over the Gala apples sitting in a wooden crate on his orchard in southeastern Australia, lamenting...

U.S. Will Have Enough COVID-19 Vaccines for All Adults by End of May, Biden Says

You have reached your limit of 4 free articles. Get unlimited access to TIME.com.99¢ for the first month Subscribe Now You have...

Biden Vows Enough Vaccine ‘for Every Adult American’ by End of May

But Johnson & Johnson and its partners fell behind in their manufacturing. The company was supposed to deliver its first 37 million doses by...

Popular Articles

Without Backpackers to Pick Them, Crops Rot by the Ton in Australia

SHEPPARTON, Australia — Peter Hall ran a hand over the Gala apples sitting in a wooden crate on his orchard in southeastern Australia, lamenting...

U.S. Will Have Enough COVID-19 Vaccines for All Adults by End of May, Biden Says

You have reached your limit of 4 free articles. Get unlimited access to TIME.com.99¢ for the first month Subscribe Now You have...

Biden Vows Enough Vaccine ‘for Every Adult American’ by End of May

But Johnson & Johnson and its partners fell behind in their manufacturing. The company was supposed to deliver its first 37 million doses by...

Twitch gamer Sodapoppin quits fake GTA jobs because they’re too hard

Sometimes being a fake fast-food restaurant manager can be as taxing as being a real one. This is especially true when you also have pretend...

Sarkozy says could take corruption appeal to European human rights court

France's former president Nicolas Sarkozy said Tuesday that he might consider taking his appeal against a corruption conviction to the European Court of...

Where Biden’s Foreign Policy Is Taking the U.S.

One day before the administration announced its decision on Saudi Arabia, Biden gave the first major indication of his presidency that he would be...

Interviews