How to Stop Attackers Setting Up Forwarding Rules Again

    After an email hack, it's important to make sure the attackers don't sneak back in. One common trick they use is setting up

    If you find any forwarding rules you didn't create, assume your account has been compromised and take immediate steps to secure it.

    What are email forwarding rules?

    Email forwarding rules automatically send copies of your incoming emails to another email address. While this can be handy for managing multiple accounts, attackers can use them to silently redirect your sensitive information to themselves, even after you’ve changed your password.

    Why attackers use forwarding rules

    Attackers set up forwarding rules to maintain access to your communications without you knowing. Even if you change your password and kick them out of your account, the forwarding rule can continue to send your emails, including password reset links for other services, directly to them.

    Checking for suspicious forwarding rules

    It’s a good idea to regularly check your email settings for any forwarding rules you don’t recognise. The exact steps vary slightly depending on your email provider, but generally, you'll find these settings in the 'Settings' or 'Options' menu.

    • Look for 'Settings', 'Options', or a gear icon.
    • Navigate to sections like 'Mail Flow', 'Forwarding', 'Rules', or 'Filters'.
    • Carefully review any listed forwarding addresses. Do you recognise them all?

    How to remove unwanted forwarding rules

    If you find a forwarding rule that looks suspicious, you should delete it immediately. This will stop your emails from being sent to the attacker. Make sure to save your changes after deleting any rules.

    • Select the suspicious forwarding rule.
    • Look for options like 'Delete', 'Remove', or a trash can icon.
    • Confirm the deletion and save your changes.

    Boosting your email security

    Beyond checking forwarding rules, there are other important steps you can take to protect your email account from future attacks. These measures make it much harder for attackers to gain access in the first place.

    • Enable Two-Factor Authentication (2FA) for an extra layer of security.
    • Use a strong, unique password for your email account.
    • Be wary of suspicious emails and links (phishing attempts).
    • Regularly update your operating system and web browser.

    Key takeaway

    By regularly checking your email forwarding settings and strengthening your overall email security, you can significantly reduce the risk of attackers regaining access to your account and keep your personal information safe online. Stay vigilant and make these checks a part of your online routine.

    More from Monitoring & Surveillance

    No image

    How to Protect Yourself While You Work Out What's Happening

    Reduce the chance of monitoring being re-established once you're safe.
    No image

    How to Quietly Investigate Suspected Partner Monitoring

    Removing stalkerware can escalate abuse. Plan the cleanup with a professional, then act.
    No image

    How to Tell If Partner Monitoring Is Real When You're Not Sure

    Your physical safety comes first. Don't touch the monitored device until you have help in place.