Check your filters!

Millions of people have had access to their email compromised by someone gaining unauthorized access to their email account. Sometimes this goes unnoticed for a long time, giving the bad actor the chance to be the man in the middle, use your account to hide their tracks while defrauding others, or start sending spam.

Usually, people only notice that their account has been compromised when their contacts complain of receiving spam. The man in the middle or illicit use of your email account is hard, if not impossible, to detect. We can block the unauthorized access to an email account by changing the password, hopefully to a strong and unique one, and enabling 2-step verification/authorization.

Changing the password is not enough to stop unauthorized use of your email address! A smart hacker can set some simple rules in your email account to automatically process and forward email regardless of how often passwords are updated with strong ones. These filters keep doing their job of keeping the hacker well informed about emails flowing through your email account.

Checking your filters

Log into the web version of your email account. For example iCloud.com, gmail.com, yahoo.com, etc. Open the filters page under settings. Verify any “rules” or “filters” that might be present and delete anything that looks suspicious to you. Just in case you are ever contacted by law enforcement, it is wise to make a note of the settings or take a screenshot of any suspicious rule before deleting it.

1 Like

I believe this is another advantage of POP mailboxes. My mail is all to my own domain, nothing stays on the server, I never use web access to do anything and there are no rules on it. Now the gmail one could have stuff in it but it’s also POP so nothing there either.

This has nothing to do with pop or imap. Filters can siphon off emails from any email server.

1 Like

What I’m saying is there is no place, setting or location on my main system that describes any filters or rules. On gmail there is a place for them but none exist there.

1 Like

“Millions”? Based on what? So based on your numbers that would mean that user accounts at google/gmail have been compromised this way in the hundreds of thousands?

As more organizations migrate to cloud/SaaS email options I’m sure they’re forming tiger teams to check for compromised filter/forward rules. C’mon… if you’re gonna make stuff up at least make it good. Not saying that isn’t a potential risk; just not a big one…

Then you are in the minority.

Most people have email accounts with their isp, or one of the big 3 mentioned.

Almost everyone has had it themselves or knows someone who has…

For starters Yahoo with 3 BILLION accounts.

I have my own for my domain at Dreamhost.
Having said that, it also has rules (filters) that can run on the server, supports POP3, IMAP, and a web interface. Whether I ever see the web interface or not, it would be possible for someone with my password to set up rules to do nefarious things.

1 Like

Yes and these rules keep working after you change the password.

I recently encountered a client where a filter was set to forward any email from .@amazon.com to another email account. Same for some other online stores etc. Also some filters to forward email back to these accounts.

1 Like

If these numbers are right, close to 800 million email addresses with possible passwords from one list alone.

https://haveibeenpwned.com/

And millions more:

Right, and of those hacked accounts how many were subject to the specific “exploit” or method that you mention? You don’t know. You can’t know.

Look, I’m not saying that that can’t happen, but I am saying that your claim is baseless. Just not how it works in the real world.

1 Like

https://www.impsolutions.com/news-and-events/blog/how-office-365-email-hack-cost-millions-and-how-you-can-avoid-same-fate

Plenty more real world examples on the googles.

2 Likes