There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

[Corp Blog] How attackers use inbox rules to evade detection after email account compromise

Summary

Attackers can use automated email rules to evade detection after compromising an email account. They can use these rules to steal information, hide emails, and impersonate others.

Some of the ways attackers use email rules include:

  • Forwarding emails containing sensitive keywords to an external address
  • Hiding specific inbound emails by moving them to rarely used folders, marking them as read, or deleting them
  • Creating email forwarding rules to monitor the activities of a victim and collect intelligence on the victim or the victim’s organization to use as part of further exploits or operations
  • Setting up rules that delete all inbound emails from a certain colleague, such as the Chief Finance Officer (CFO), so they can impersonate the CFO and send fake emails to convince colleagues to transfer company funds

Defenses that don’t work on their own include:

  • Changing the victim’s password
  • Turning on multifactor authentication
  • Imposing other strict conditional access policies
  • Rebuilding the victim’s computer
  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •