Protecting against email forwarding attacks

PUBLISHED:
6/9/2023

Mailbox abuse poses a significant threat to the security and integrity of email communication in financial services.

Mailbox abuse, an escalating threat in the financial services sector, involves unauthorised access to an employee's mailbox, often facilitated by weak passwords or non-expiring login sessions. Attackers exploit this access by setting up forwarding rules that redirect specific emails to their external mailboxes, allowing them to manipulate conversations and respond on behalf of the victim. The consequences of this form of cyberattack can be severe, leading to substantial financial losses and reputational damage, as attackers can initiate or reroute wire transfers without the victim's knowledge.

To protect against mailbox abuse, a multi-pronged approach is required, encompassing preventive measures, monitoring, and swift response tactics. Disabling mail forwarding capabilities, enforcing multi-factor authentication, monitoring forwarding rules, and reviewing the RSS feed mailbox folders are some key strategies that can help thwart such attacks.

Mailbox abuse prevention checklist

This condensed, actionable checklist is designed to help organisations in the financial services sector protect against mailbox abuse, reduce the risk of data leakage, and prevent fraud.

Disable mail forwarding capabilities

  1. For all users who do not have a business justification, mail forwarding capabilities should be disabled.

Enforce multi-factor authentication

  1. Enforce multi-factor authentication for all accounts.
  2. Time out sessions after 10 minutes of inactivity.

Monitor forwarding rules

  1. Regularly monitor forwarding rules and send alerts for any new rule created or deleted.
  2. Disable forwarding to external email addresses.
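
The monitoring step above, sketched as an added example (not code from the original page): it raises an alert for every forwarding rule created, modified or deleted, and rates it high when the destination lies outside the organisation's own domains. The event fields, action names and the `example-bank.test` domain are assumptions in a platform-neutral format, and the sample events are constructed.

```python
# Added example. Event fields and action names are a hypothetical,
# platform-neutral format; map your mail platform's audit export onto them.
INTERNAL_DOMAINS = {"example-bank.test"}  # assumption: domains you own
RULE_ACTIONS = {"rule_created", "rule_modified", "rule_deleted"}

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"time": "2023-09-06T02:14:00Z", "mailbox": "cfo@example-bank.test",
     "action": "rule_created", "forward_to": ["archive@mail-relay.example"]},
    {"time": "2023-09-06T08:30:00Z", "mailbox": "ops@example-bank.test",
     "action": "rule_created", "forward_to": ["deputy@example-bank.test"]},
    {"time": "2023-09-06T09:05:00Z", "mailbox": "ap@example-bank.test",
     "action": "rule_modified",
     "forward_to": ["ap@example-bank.test.mail-relay.example"]},
    {"time": "2023-09-06T11:40:00Z", "mailbox": "cfo@example-bank.test",
     "action": "rule_deleted", "forward_to": ["archive@mail-relay.example"]},
    {"time": "2023-09-06T11:41:00Z", "mailbox": "cfo@example-bank.test",
     "action": "login", "forward_to": []},
]


def is_external(address, internal=INTERNAL_DOMAINS):
    """True unless the address is in an internal domain or its subdomain."""
    if "@" not in address:
        return True  # unparseable target: fail closed and treat as external
    domain = address.rsplit("@", 1)[1].strip().lower().rstrip(".")
    return not any(domain == d or domain.endswith("." + d) for d in internal)


def review_rule_events(events, internal=INTERNAL_DOMAINS):
    """Return one alert per forwarding-rule change, rated by destination."""
    alerts = []
    for ev in events:
        if ev["action"] not in RULE_ACTIONS:
            continue
        external = [a for a in ev.get("forward_to", []) if is_external(a, internal)]
        alerts.append({
            "time": ev["time"], "mailbox": ev["mailbox"], "action": ev["action"],
            # A deleted external rule still rates high: mail may already have left.
            "severity": "high" if external else "info",
            "external_targets": external,
        })
    return alerts


if __name__ == "__main__":
    for alert in review_rule_events(SAMPLE_EVENTS):
        print(alert)
```

The suffix match on a leading dot is what keeps a destination such as `ap@example-bank.test.mail-relay.example` from passing as internal.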

Review the RSS feed mailbox folders

  1. Instruct employees to regularly review the RSS feed mailbox folders for hidden email threads.
  2. Encourage employees to report any suspicious activity in these folders.

Educate employees about mailbox abuse

  1. Conduct regular training sessions on the risks of mailbox abuse and how to spot the signs.
  2. Reinforce the importance of strong, unique passwords and regular password changes.

Real-time authentication for major transactions

  1. Ask your bank to perform real-time authentication with you for major wire transfers.

By implementing these steps, you can significantly bolster your organisation's defence against mailbox abuse.
