Identifying Phishing Rules and Email Forwarding

December 14, 2023

by Jamie Poindexter | Sep 8, 2020 | Jamie's Tech Corner, Our blog

If you are a victim of email phishing, the first thing the attackers commonly do is take precautions to make sure they can keep control of your email without you knowing. This allows them to spread further to other users in your contact circle and create more victims. One way they do this is to create rules that move email responses to a folder you might not know about, or that forward emails to another account they control.

What is email phishing?

Email phishing is an email attack that has exploded recently and involves an attacker sending an email that looks real in hopes you will click on its link or attachment. Once you do, they use a login page to steal the login and password for your email account or another sensitive site such as a banking site. They can then send out emails to others on your behalf to spread the attack.

To check for these forwarding emails and rules, first log in to the Office 365 portal with the email and password you normally use for work or home.

Now click on the gear in the upper right.

In the search box, type “rules” and then click on “Inbox Rules”.

There are 2 spots we need to check on this page. The first is “Rules”. If any rules are listed, make sure they match something you created and need. If you notice anything weird here, like a rule that is moving emails to a folder you are not sure of, you will want to delete it. In my example I have identified that the rules listed are something I have created in the past and are safe to leave.

If you see a rule that you did not create or are unsure of, you can either turn it off or delete it.

The next spot we need to check is the forwarding. Click on “Forwarding” on the left to see whether you are sending new emails to another email address.

If you do see an email address in this setting, make sure it's intentional and an address you recognize, such as a personal email. If it's not, uncheck the box and save the changes to turn the forwarding off.
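For IT staff reviewing many mailboxes, the same two checks (rules that move or hide mail, and forwarding to addresses outside the organization) can be scripted. The following is an added example, not part of the original post: it assumes the rules have already been exported in the shape of Microsoft Graph `messageRule` objects, and the sample rules, domain and folder ID are constructed.

```python
# Constructed sample rules in the shape of Microsoft Graph "messageRule"
# objects (displayName, isEnabled, actions). Not real data.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "actions": {"moveToFolder": "folder-id-newsletters"}},
    {"displayName": ".", "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mail.example.net"}}],
                 "delete": True, "markAsRead": True}},
    {"displayName": "To assistant", "isEnabled": False,
     "actions": {"redirectTo": [{"emailAddress": {"address": "pat@example.com"}}]}},
]

FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")


def review_rule(rule, own_domains, known_folders=()):
    """Return a list of reasons this rule deserves a manual look."""
    actions = rule.get("actions") or {}
    reasons = []
    for key in FORWARD_ACTIONS:
        for rcpt in actions.get(key) or []:
            addr = (rcpt.get("emailAddress") or {}).get("address", "").lower()
            domain = addr.rpartition("@")[2]
            if domain not in own_domains:  # exact match: subdomains count as external
                reasons.append(f"{key} external address {addr}")
    if actions.get("delete") or actions.get("permanentDelete"):
        reasons.append("deletes matching mail")
    folder = actions.get("moveToFolder")
    if folder and folder not in known_folders:
        reasons.append(f"moves mail to unrecognised folder {folder}")
    if actions.get("markAsRead") and reasons:
        reasons.append("marks mail as read, hiding the activity")
    return reasons


def audit(rules, own_domains, known_folders=()):
    """Map rule name -> findings. Disabled rules count: they can be re-enabled."""
    findings = {}
    for rule in rules:
        reasons = review_rule(rule, own_domains, known_folders)
        if reasons:
            state = "enabled" if rule.get("isEnabled") else "disabled"
            findings[rule.get("displayName", "(unnamed)")] = [state] + reasons
    return findings


if __name__ == "__main__":
    for name, why in audit(SAMPLE_RULES, {"example.com"}, {"folder-id-newsletters"}).items():
        print(repr(name), "->", "; ".join(why))
```

A flagged rule still needs the manual review described above: the script only narrows down which rules to open and confirm with the mailbox owner.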

If you haven’t already, and you noticed a suspicious rule or forwarding email, you will want to reset the password right away. If this is a work account you may have to reach out to your IT company to do this, or you can reset it yourself by clicking on account and then “My Account”.

Then click on “Password” on the left side and enter the old and new passwords. Be aware it takes anywhere from 5-10 minutes before the devices will see the password change and require the new one to be entered. Any new logins will require the new password immediately.