"Research Warns Email Rules Are Being Weaponized by Cyberattackers"

The cloud cybersecurity company Barracuda Networks has released new research on attackers using malicious email rules to steal information and avoid detection after compromising corporate networks. Automated email inbox rules help manage the flood of emails that many people encounter in their professional lives. Inbox rules help categorize, forward, and delete emails based on user-defined criteria. However, research from Barracuda Networks suggests that cybercriminals can also exploit their convenience. According to the study, once an attacker has access to an account, they can use email rules to hide inbound emails, such as security alerts, or cover their tracks from the account owner. An attacker can hide activities using email rules, exfiltrate data by setting rules to forward emails containing specific keywords to external addresses, and impersonate senior executives to conduct Business Email Compromise (BEC) attacks. This article continues to discuss the weaponization of email rules. 

SiliconANGLE reports "Research Warns Email Rules Are Being Weaponized by Cyberattackers"