VCIO Corner - Email Forwarding Rules

Published: Nov. 7, 2019, 1:11 p.m.
Updated: Oct. 30, 2019, 1:11 p.m.
Cynergy Technology Logo

vCIO Corner 


Email Forwarding Rules

Over the past few weeks we've noticed a rash of malicious attacks that secretly creates a forwarding rule that automatically sends incoming email to an outside unknown entity putting the organization’s and user's information at risk. The rule is usually enabled by clicking on a link within an email. Malicious hackers will then use the information retrieved from these messages to facilitate more accurate attacks on your organization and others using historical conversation content that the intended recipient is already familiar with. The attack then becomes even more difficult to detect. 

This type of attack is known as "Phishing" and as the name implies, the links within are called "click bait". The goal of the attacker is to make the message look legitimate so that you will quickly breeze through the message content and click on the link that will give them the control they require to facilitate their attack. 

Steps that you can take to help protect yourself:

- Make sure you know who the original email message is from. 

- Check the content. Does the phrasing or word usage seem out of character for the sender?

- Hover over any links to review the associated address to ensure that it is valid.

There may be some cases where forwarding email outside of the organization to a third party email account may be required as part of a business need. In these cases email forwarding should only be enabled for individuals on a case by case basis; ensuring that the associated risks are fully understood. Once a message leaves the organization, the ability to control what happens to that content is lost. 

As always, your security is our top priority. If you have any questions or concerns, please feel free to reach out to us. If you would like to schedule our Cyber Security Awareness presentation with your staff, we would be more than happy to facilitate that as well. 


Brent Hudson, MBA-ITM

vCIO - Managed Services

Cynergy Technology

Follow me on: 

Twitter: @hudsonbrentt

LinkedIn: linkedin.com/in/brent-hudson-mba-itm-a4a96914