Adversarial Email forward rules

Affects:

Severity:

HIGH

Productivity
Impact:

LOW

Fix
Estimate

10 minutes

Research:

https://redcanary.com/blog/email-forwarding-rules/

Summary:

Adversaries set up forwarding rules on your users email inboxes to exfiltrate sensitive data and as a form of insurance in case they lose access to their victim’s email account.

Remediation details

Check forwarding reports

  1. Navigate to https://admin.exchange.microsoft.com
  2. Click on Reports > Mail Flow
  3. Click on Auto forwarded message report
  4. Review all forwarding rules for suspicious email recipients


This Threat Is Automatically Protected By Overe Protect

Assess the security posture of all your MSP's clients and get actionable remediation steps, in under 3 minutes. 100% free.

Overe Background image
Assess For Free

Get up and running in under 2 minutes, no credit card required.

Get Started Free  

Free audit worth £1000

Thank you!
Your submission has been received!
Oops!
Something went wrong! Try again later
Overe Background image
Privacy PolicyTerms & ConditionsBlogFAQsThreat BulletinLinkedIn

© Overe 2024. All rights reserved.
Overe™ is a registered trade mark of Overe LTD UK.