Cybertech Europe 2026-IT Industry Official Media Partner
Subscribe

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
Contact us

Cybercriminals adapt inbox rules to remain invisible and move data

Email attack on the IT industry Email attack on the IT industry
Email attack on the IT industry

In a new study, Barracuda Networks researchers show how attackers can abuse inbox rules once they have gained access to an email account, avoiding detection while stealing information from a company’s network. This type of attack relies on victims not seeing security alerts – and the attacker archiving selected messages in discreet folders that the victim doesn’t notice.

The abuse of email inbox rules is a smart and effective tactic that happens covertly.

It is easy to execute once an attacker has gained access to an account, says Prebh Dev Singh, head of Email Protection Product Management at Barracuda.

Although email detection tools have evolved and machine learning has made it easier to spot suspicious rules, Barracuda's study shows that cybercriminals continues to attack companies in this way. Manipulated regulations can therefore be a serious threat to their data and other assets.

  • VORTIQ-X AI Governance helps companies transform AI into controllable and verifiable business value.
    VORTIQ-X is an AI Governance platform that helps organizations govern, verify, and create measurable business value from AI. The platform focuses on transparency, compliance, AI governance, and the effective use of AI in mission-critical processes.
    ADVERTISEMENT

  • Cybertech Europe 2026 cybersecurity conference in Rome with the IT industry as Official Media Partner
    Cybertech Europe 2026 is one of Europe's leading cybersecurity conferences, bringing together cybersecurity leaders, government officials, technology innovators, startups, investors, and enterprise decision-makers in Rome. The IT industry serves as an Official Media Partner, providing event coverage, executive interviews, industry insights, and cybersecurity news for Nordic and European audiences.
    ADVERTISEMENT

  • Maciek Szczesniak featured on IT-Branschen Wire Channel Magic Chats podcast banner
    Maciek Szczesniak appears on IT-Branschen Wire Channel Magic Chats, discussing leadership, innovation, digital transformation, and business services.
    SPONSORED

  • The IT industry Nordic technology media platform covering cybersecurity, cloud, AI, digital transformation, channel, MSP and enterprise IT news
    The IT industry is a leading Nordic technology media platform covering cybersecurity news, artificial intelligence, cloud computing, enterprise IT, digital transformation, managed services, channel partners, software development, telecommunications, data centers, IT infrastructure, technology leadership, business innovation, and emerging technologies. Through executive interviews, industry analysis, event coverage, thought leadership, product launches, vendor updates, and market insights, the IT industry connects technology decision-makers, CIOs, CISOs, CTOs, IT managers, MSPs, resellers, distributors, technology vendors, startups, and enterprise organizations across Sweden, Norway, Denmark, Finland, and Europe. Coverage includes cybersecurity trends, AI adoption, cloud strategy, enterprise software, networking, digital infrastructure, sustainability, compliance, governance, risk management, automation, data analytics, and future technology developments.
    OWN CONTENT

Since it is a technique used after an account has been taken over, it is a sure sign that you have an attacker in your network. "This means that immediate action is needed to get them out," says Peter Graymon, head of Barracuda Networks in the Nordic countries.

Stolen from an e-mail account in Braschen
Stolen from an e-mail account in Braschen

Once an attacker has gained access to an email account, for example through phishing or by using stolen login credentials, they can set up one or more automated email rules that allow them to continue accessing the mailbox without being detected. This can be used for a variety of malicious purposes, including:

  • to steal information or money and delay detection. Attackers can set a rule to forward all emails containing sensitive and potentially lucrative keywords such as “payment,” “invoice,” or “confidential” to an external address.
  • to hide specific incoming emails such as security alerts by moving such messages to rarely used folders, marking emails as read, or simply deleting them.
  • to monitor the activities of the attacker and collect information about him (or the company) that can be used as part of further attacks.
  • for so-called CEO fraud (BEC), set up a rule that deletes all incoming emails from a specific colleague, such as the chief financial officer (CFO). This allows attackers to pretend to be the CFO and send fake emails to colleagues to convince them to transfer money to a bank account controlled by the attackers.

If the abused rule is not discovered, it continues to apply even if the victim's password changes or if you enable multi-factor authentication, implement other strict conditional access policies, or if the computer is rebuilt. As long as the rule remains in place, it risks becoming an effective tool for the attacker.

Read more here »

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
  • Cybertech Europe 2026 cybersecurity conference in Rome with the IT industry as Official Media Partner
    Cybertech Europe 2026 is one of Europe's leading cybersecurity conferences, bringing together cybersecurity leaders, government officials, technology innovators, startups, investors, and enterprise decision-makers in Rome. The IT industry serves as an Official Media Partner, providing event coverage, executive interviews, industry insights, and cybersecurity news for Nordic and European audiences.
    ADVERTISEMENT

  • VORTIQ-X AI Governance helps companies transform AI into controllable and verifiable business value.
    VORTIQ-X is an AI Governance platform that helps organizations govern, verify, and create measurable business value from AI. The platform focuses on transparency, compliance, AI governance, and the effective use of AI in mission-critical processes.
    ADVERTISEMENT

  • The IT industry Nordic technology media platform covering cybersecurity, cloud, AI, digital transformation, channel, MSP and enterprise IT news
    The IT industry is a leading Nordic technology media platform covering cybersecurity news, artificial intelligence, cloud computing, enterprise IT, digital transformation, managed services, channel partners, software development, telecommunications, data centers, IT infrastructure, technology leadership, business innovation, and emerging technologies. Through executive interviews, industry analysis, event coverage, thought leadership, product launches, vendor updates, and market insights, the IT industry connects technology decision-makers, CIOs, CISOs, CTOs, IT managers, MSPs, resellers, distributors, technology vendors, startups, and enterprise organizations across Sweden, Norway, Denmark, Finland, and Europe. Coverage includes cybersecurity trends, AI adoption, cloud strategy, enterprise software, networking, digital infrastructure, sustainability, compliance, governance, risk management, automation, data analytics, and future technology developments.
    OWN CONTENT

  • Maciek Szczesniak featured on IT-Branschen Wire Channel Magic Chats podcast banner
    Maciek Szczesniak appears on IT-Branschen Wire Channel Magic Chats, discussing leadership, innovation, digital transformation, and business services.
    SPONSORED