RMail Eavesdropping Alerts You, When Common Phishing Email Schemes Impact You

September 01, 2022 / in Blog / by Zafar Khan, RPost CEO

We’ve extended email security to now let you know how secure your recipient’s inbox is. Novel, insightful, very cool!

Recently, we’ve run a series of articles on RMail’s newest set of PRE-Crime services. For a refresher, please check our part 1 and part 2 of the series. In a nutshell, “Precrime” is a concept from Philip K. Dick’s 1956 sci-fi short story, “The Minority Report.” It is based on the name of a future police agency tasked with identifying people who will commit crimes in the very near future—before they actually happen.

RMail AI and its newly released features are now essentially a customer’s very own PRE-Crime-fighting agency. Two of the most interesting new features are email account eavesdropping alerts and the lookalike domain detector.

Keep in mind, there are lazy cybercriminals that send sloppy phishing emails, and then organized crime rings that are quite sophisticated and put a team on the task once they get their hooks in. Here is a brief rundown of a sophisticated email crime in progress that could have been foiled:

1. You send an email to a client or recipient about a payment due to you (invoice, purchase order, etc.).

2. Unknown to your recipient, their email account is being eavesdropped on by a cybercriminal (for example, using a discovered reused password and the IMAP protocol at their server).

3. Within hours of your email going to your recipient, the cybercriminal copies that email content (often including PDF payment details for a wire or ACH) and changes only one thing—the account where the money is to be sent!

Note that these cybercriminals often have bank accounts at the same major banks that many of us use. So, if you usually have payments going to your Bank of America account, they will use that same bank, same routing number, but they will use their own account number.

4. This email will arrive in your recipient’s inbox from what appears to be your email address (or it will come from a lookalike address – your name with a newly purchased domain one letter off from your domain) so the recipient only sees your original request and then a second one. To most people it would appear as if you sent the email twice, and the recipient usually opens the newer one, which is the one from the cybercriminal.

The email is configured so that when the recipient replies, thinking the reply is coming to you, it actually routes to the cybercriminal, and your back-and-forth email thread with your recipient is essentially hijacked. This is where there can be several, or even a week’s worth of, back-and-forth emails between the cybercriminal (posing as you) and your recipient – WITHOUT YOUR KNOWLEDGE! You are cut out of the loop of your own originated transaction!

5. The cybercriminal then has someone follow up by phone with your unwitting recipient, stating that they are your assistant (or some other yarn) and that they are following up to see when the invoice or purchase payment will be sent.

6. Your recipient sends the payment to the cybercriminal’s bank account (thinking it was your account) and replies to the fake email address from the fake you with confirmation.

7. The cybercriminal immediately moves the funds from the bank to an offshore account. The money is now, for all intents, gone forever.

8. Meanwhile, a week or so later, the real you follows up to find out when payment will be made. The recipient will say that it was already sent, and then panic ensues when the account numbers are found to be wrong and the funds are gone.
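As an added illustration (not RMail's implementation and not code from this post), the sketch below checks an inbound message for the two signals described in step 4: a sender domain one character off a domain you already deal with, and a Reply-To that routes replies somewhere other than the visible sender. The known-domain list and the sample messages are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of counterparties you already correspond with (constructed).
KNOWN_DOMAINS = {"acme-supplies.example"}

def edit_distance(a, b):
    """Levenshtein distance: substitutions, insertions and deletions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw, known_domains=KNOWN_DOMAINS):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if dom and dom not in known_domains:
            for known in sorted(known_domains):
                if edit_distance(dom, known) <= 1:
                    findings.append(f"{label} domain {dom} is one character off {known}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings

# Constructed sample messages.
GENUINE = "From: Billing <billing@acme-supplies.example>\nSubject: Invoice 1001\n\nSee attached."
LOOKALIKE = "From: Billing <billing@acme-supplles.example>\nSubject: Invoice 1001\n\nUpdated details."
HIJACK = ("From: Billing <billing@acme-supplies.example>\n"
          "Reply-To: billing@acme-supplies-pay.example\nSubject: Invoice 1001\n\nUpdated details.")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("hijack", HIJACK)):
        print(name, check_message(raw))
```

Neither signal proves fraud on its own; a finding is a prompt to confirm payment details through a channel other than the email thread.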

The above scheme and its iterations have been so successful that the FBI recently reported that $50 billion of funds have been mis-wired and unrecoverable – and that is only what is reported to the FBI. Because all email schemes are done at scale, a cybercriminal can send out hundreds of these fake emails at a fairly low cost needing only one of the messages to ‘hit’ to be a profitable enterprise.

If you had RMail with its Email Eavesdropping™ alerts turned on, you would know when your clients are being drawn into the above scheme, before you are cut out of the loop!

For your clients, you should certainly recommend they install RMail for Outlook with its Lookalike Domain™ detector – their use of it will protect you, in that they will be alerted BEFORE replying to the cybercriminal posing as you.

These would be able to protect funds from being mis-sent.

With these features, (a) you will get alerts if an email to a client is being unknowingly read by a nefarious party. Put another way: if an email someone sends is being eavesdropped on due to an unknown security issue with the recipient’s email account, you will be alerted. And (b) you, and they if they use RMail, will get alerts after clicking SEND but before the email is SENT that they are about to unknowingly correspond with a cybercriminal.

Please contact us to see how we’ve extended an email sender’s ability to secure email to include the identification of e-crimes in progress at the recipient. This and many other PRE-Crime features are all made possible with the latest RMail.