The FBI's Cyber Division has issued a Private Industry Notification (PIN) warning companies of the risks posed by auto-forwarding email rules. PIN 20201125-001 explains that the shift to working from home has raised the risk inherent in many email vulnerabilities, but that auto-forwarding threats are particularly serious because the results can be unseen by employees and security teams until long after a breach has occurred.
In the PIN, which was coordinated with DHS-CISA, the FBI gives examples of how auto-forwarding rules can be exploited to make business email compromise (BEC) attacks more effective. The notice makes special note of the differences that can exist between how auto-forwarding rules are entered and enforced in the webmail interface versus desktop email clients. Those differences can be the stress points attackers hit to gain access to accounts and to make fraudulent messages more believable.
Among the FBI's recommendations: make sure that email software versions are the same on email clients and Web browsers, and that auto-forwards to external email addresses are blocked.
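As an added illustration, not taken from the FBI notice or any vendor tool, the script below audits a set of mailbox rules and flags those forwarding to addresses outside the organisation; the rule record format, field names and domains are constructed assumptions. It handles the cases an auditor would want: display-name tricks, lookalike domains, case and subdomain variants, and rules that also delete the message, which is what lets a forward go unseen by the mailbox owner.

```python
from email.utils import parseaddr

# Constructed sample of mailbox forwarding rules (assumed schema, not a real export).
SAMPLE_RULES = [
    {"mailbox": "cfo@corp.example", "name": "Archive",
     "forward_to": ["backup@corp.example"], "delete": False},
    {"mailbox": "ap@corp.example", "name": ".",
     "forward_to": ["invoices@corp-example.com"], "delete": True},
    {"mailbox": "hr@corp.example", "name": "Sync",
     "forward_to": ["HR Mailbox <hr-sync@corp.example.mailhost.example>"],
     "delete": False},
    {"mailbox": "ceo@corp.example", "name": "Copy",
     "forward_to": ["ceo@Sub.CORP.example"], "delete": False},
]

INTERNAL_DOMAINS = {"corp.example"}  # assumed organisation domains


def is_internal(address, internal_domains=INTERNAL_DOMAINS):
    """True only when the real SMTP domain is an internal domain or a subdomain of one.
    parseaddr() discards the display name, so 'HR Mailbox <x@evil.example>' is judged
    by x@evil.example; a naive suffix check would wrongly accept corp.example.mailhost.example."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return False
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def audit_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per rule that forwards to an external address.
    A rule that also deletes the message is rated higher: the owner never sees the mail."""
    findings = []
    for rule in rules:
        external = [a for a in rule["forward_to"] if not is_internal(a, internal_domains)]
        if not external:
            continue
        findings.append({
            "mailbox": rule["mailbox"],
            "rule": rule["name"],
            "external_targets": external,
            "severity": "high" if rule["delete"] else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['mailbox']} rule {f['rule']!r} -> {f['external_targets']}")
```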