December 17, 2020
On November 25, 2020, the Federal Bureau of Investigation’s (FBI) Cyber Division issued a warning on a new coronavirus-related e-mail scheme. Criminals are again targeting teleworkers and tele-business operations through the use of web-based email applications. Dubbed the business email compromise (BEC) scheme, the sophisticated scam targets businesses that process electronic payments. First, an organization’s email system is compromised through either social engineering or computer intrusion techniques. Then the perpetrator uses access to the victim organization’s system and email communications to gather account information to redirect funding. This is done with the use of auto-forwarding rules. The use of auto-forwarding decreases the likelihood of the victim noticing the fraudulent communications because the communications occur outside of the victim’s email. To further obscure the illegal actions, the scheme may also use auto-forwarding rules to delete records from the recycling bin.
Image Source: Trustwave
BEC utilizes the web-based client’s auto-forwarding rules. A web-based client is one where the user logs into their email from a browser such as Chrome, Edge, or Firefox rather than launching an installed application like MS Outlook.
To thwart BEC, security administrators should actively sync web and desktop email clients so changes to auto-forwarding rules remain visible to security administrators. This is an important step as the auto-alerts through security monitoring appliances can miss updates on remote workstations. Failing to set up routine sync of web and desktop email clients leaves an entire network vulnerable to connected computers that have not been updated.
The FBI also notes that even after a potential BEC attack, a system audit may not identify rules that were changed if the victimized organization fails to audit both the web and desktop email clients. Failure to run an audit on both systems increases the amount of time the criminal has access to the organization’s email.
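One way to run the two-sided audit described above, as an added example that is not from the FBI release or NCSC: it merges rule exports from the web and desktop clients and flags rules that forward outside the organization, delete messages, or appear in only one view. The record fields, domain names and sample rules are constructed assumptions, not a real mail system's export format.

```python
# Constructed sample exports (field names assumed) of the same mailboxes per client.
ORG_DOMAINS = {"court.example"}  # assumed internal mail domain

WEB_RULES = [
    {"mailbox": "clerk@court.example", "name": "Invoices",
     "forward_to": ["archive@mail.example"], "delete": True},
    {"mailbox": "judge@court.example", "name": "Newsletters",
     "forward_to": [], "delete": False},
]
DESKTOP_RULES = [
    {"mailbox": "judge@court.example", "name": "Newsletters",
     "forward_to": [], "delete": False},
]


def rule_key(rule):
    # Any difference in targets or delete action makes it a distinct rule.
    return (rule["mailbox"].lower(), rule["name"],
            tuple(sorted(a.lower() for a in rule["forward_to"])), rule["delete"])


def external_targets(rule, org_domains):
    # Forwarding addresses whose domain is not one of the organization's own.
    return [a for a in rule["forward_to"]
            if a.rsplit("@", 1)[-1].lower() not in org_domains]


def audit(web_rules, desktop_rules, org_domains):
    # Merge both views, then flag external forwarding, deletion, one-view rules.
    seen = {}
    for view, rules in (("web", web_rules), ("desktop", desktop_rules)):
        for rule in rules:
            seen.setdefault(rule_key(rule), (rule, set()))[1].add(view)
    findings = []
    for key in sorted(seen):
        rule, views = seen[key]
        reasons = []
        ext = external_targets(rule, org_domains)
        if ext:
            reasons.append("forwards externally: " + ", ".join(ext))
        if rule["delete"]:
            reasons.append("deletes messages")
        if len(views) == 1:
            reasons.append("visible only in %s client" % min(views))
        if reasons:
            findings.append((rule["mailbox"], rule["name"], reasons))
    return findings
```

Calling `audit(WEB_RULES, DESKTOP_RULES, ORG_DOMAINS)` on the sample data reports the "Invoices" rule, which a desktop-only audit would never have seen.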
For more information on the BEC threat, including tips on how to avoid becoming a victim, please review the FBI’s entire release:
For more reading on court cybersecurity, visit NCSC’s JTC Resource Bulletin: Cybersecurity Basics for Courts, The Importance of Having a Cybersecurity Response Plan, Cyber Threats and Cyber Hygiene During the COVID-19 Pandemic Crisis.
For more information on court cybersecurity, please contact Paul Embley at (757) 259-1844, or email him. For information on other topics impacting state courts, contact Knowledge@ncsc.org or call 800-616-6164.