Tech Radar reports that cybercriminals are increasingly using a seemingly innocuous feature, inbox rules, as a primary method to maintain persistence and exfiltrate data undetected in email breaches. This tactic allows attackers to operate covertly, even bypassing security measures like password changes.Proofpoint's research highlights how threat actors leverage automated inbox rules, designed for legitimate organization, to hide security alerts, forward sensitive data, and mark messages as read. Analysis of breaches in the fourth quarter of 2025 revealed that approximately 10% of compromised accounts had malicious rules created within seconds of gaining access, often before any other malicious activity. These rules can persist even after a victim changes their password, as long as the rules themselves are not removed. Attackers commonly name these rules with simple characters like ".", "...", or "," to evade detection.Enterprise users, particularly in finance and executive roles, along with university accounts, are identified as prime targets. Organizations are advised to implement regular audits of inbox rules and educate users on identifying and removing suspicious automated actions. Source: Tech Radar
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




