Privacy Peril: Stealers Wheel (Stuck in the Middle with You)

June 10, 2022
Firm Publication

In one type of “man-in-the-middle” (MITM or MTM) attack, a bad actor inserts himself between a user (individual or business) and a web application (such as a bank’s website) to capture sensitive or personal confidential information. Such an attack is often implemented through a person’s use of unencrypted public Wi-Fi networks. Today’s Privacy Peril, however, is not about this MITM species.

An MITM attack also occurs when a fraudster gains access to the email of a person and actively monitors that person’s communications looking for an opportunity to exploit. This type of cyber assault is seen all too frequently in email communications between business personnel responsible for billing and payment. However, the nature of the threat to an individual’s email communications is no different.

In this MITM scheme, the rogue monitors the email traffic of a user (Jake) for interesting, and hopefully lucrative, information. Once a set of email exchanges is targeted, the trickster essentially steps in between Jake and the other emailing party (Elwood), becoming Jake in Elwood’s eyes. To avoid detection, typically the scammer sets up an email rule that forwards all of Elwood’s emails away from Jake’s inbox to a different location Jake normally would not check. Prime examples of redirected repositories are the deleted or junk items folders in Outlook or Gmail, or the trash or spam folders in Comcast email. Another location often used by fraudsters is the RSS Feeds folder because it is rarely viewed by most users (and certainly never by Jake). Regardless of the forwarded location, once the shyster responds as Jake to Elwood, he permanently deletes Elwood’s genuine incoming email to avoid detection. He may also delete the sent item version of his outgoing reply email to Elwood, or even set up an additional rule that immediately deletes all of Jake’s sent emails if he thinks Jake is unlikely to access the sent items folder. Alternatively, he may simply create an entirely new folder that appears at the bottom of the folder list, off the immediately-visible screen space (for example, Z-Imposter), to house all the intercepted emails and responses where he can view them at any time.

To minimize this risk, first, regularly check your email rules to be certain all are ones you created or recognize. Normally, mailbox rules can be found in your email settings (look for the ubiquitous gear icon). Second, regularly inspect all your email folders, not just your inbox. Be particularly vigilant to confirm no unrecognized folders are present. And, of course, be circumspect when responding to emails that request or direct payment of funds, even if the person with whom you are supposedly corresponding is a close friend. Confirm the orphanage’s property taxes truly are delinquent before transmitting payoff funds.
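The rule check above can be scripted once the mailbox rules have been exported. The following is an added example, not code from the original article or from any mail provider: it flags rules matching the hiding patterns the article describes (moves into the deleted, junk, trash, spam or RSS Feeds folders, moves into a folder the owner does not recognize, and automatic deletion of incoming or sent mail) and, going one step beyond the article, rules that forward mail outside the owner's own domain. The rule records and their field names (`move_to_folder`, `forward_to`, `delete_message`, `applies_to`) are constructed assumptions, not any provider's real export format.

```python
# Added example (not from the original article): audit exported mailbox rules for
# the interception patterns described above. Rule records are constructed here;
# their field names are assumptions, not a real mail provider's schema.
from typing import Dict, List, Set

# Folders the article names as common dumping grounds for intercepted mail.
SUSPECT_FOLDERS = {"deleted items", "junk email", "junk", "trash", "spam", "rss feeds"}


def audit_rule(rule: Dict, known_folders: Set[str], own_domain: str) -> List[str]:
    """Return the reasons a single mailbox rule looks like interception tooling."""
    reasons = []
    target = (rule.get("move_to_folder") or "").strip()
    if target.lower() in SUSPECT_FOLDERS:
        reasons.append(f"moves mail to rarely viewed folder '{target}'")
    elif target and target.lower() not in {f.lower() for f in known_folders}:
        reasons.append(f"moves mail to unrecognized folder '{target}'")
    for addr in rule.get("forward_to", []):  # external forwarding: added check
        if not addr.lower().endswith("@" + own_domain.lower()):
            reasons.append(f"forwards mail outside the organization to {addr}")
    if rule.get("delete_message"):
        scope = "sent items" if rule.get("applies_to") == "sent" else "incoming mail"
        reasons.append(f"deletes {scope} automatically")
    return reasons


def audit_rules(rules: List[Dict], known_folders: Set[str], own_domain: str) -> Dict[str, List[str]]:
    """Map each rule name to its findings; rules with no findings are omitted."""
    result = {}
    for rule in rules:
        findings = audit_rule(rule, known_folders, own_domain)
        if findings:
            result[rule["name"]] = findings
    return result


# Constructed sample rules mirroring the article's Jake/Elwood scenario.
KNOWN_FOLDERS = {"Inbox", "Sent Items", "Newsletters"}  # folders Jake created or recognizes
SAMPLE_RULES = [
    {"name": "Elwood to RSS", "from": "elwood@example.org", "move_to_folder": "RSS Feeds"},
    {"name": "Hide sent", "applies_to": "sent", "delete_message": True},
    {"name": "Z-Imposter", "from": "elwood@example.org", "move_to_folder": "Z-Imposter"},
    {"name": "Copy out", "forward_to": ["mailbox@attacker.invalid"]},
    {"name": "Newsletter filing", "from": "news@example.com", "move_to_folder": "Newsletters"},
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES, KNOWN_FOLDERS, "example.com").items():
        print(f"{name}: {'; '.join(findings)}")
```

Only the legitimate "Newsletter filing" rule passes; the other four are reported with the reason each one looks like the scheme described above.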

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.