• Forwarding Exchange Emails to a Private Email Account


    • This topic has 4 replies, 4 voices, and was last updated 3 years ago.
    #2261515

    I hope someone can shed light on this question:

    For many years my employer has used Exchange to forward work emails to my private email address. Recently, IT has stopped forwarding citing a “potential virus risk” (no further explanation). They do not allow Outlook Anywhere or VPN.

    Doing some internet research, I can find no reasoning for this policy change.

    Can you explain how a simple email forward can cause the transfer of viruses or if there is some risk I do not understand? I would imagine any exploits would have been addressed by now since this has been a standard feature in Exchange for years?

    Thank you.

    • #2261695

      I would have thought it’s more likely to be a business IP/fraud issue. I have always disabled auto external forwarding for that very reason.

      If you are required to work offsite the business must give you access to your work tools, including mail.

      cheers, Paul

    • #2262311

      I believe this is related to two FBI alerts last month (and fraud, not virus risk, as Paul said):

      THREAT

      There are a number of BEC [Business Email Compromise] scam variants. One of the most effective types is initiated through phishing emails designed to steal email account credentials. Cyber criminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cyber criminal to target victims using cloud-based services. Upon compromising victim email accounts, cyber criminals analyze the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.

      Using the information gathered from compromised accounts, cyber criminals impersonate email communications between compromised businesses and third parties, such as vendors or customers, to request pending or future payments be redirected to fraudulent bank accounts. Cyber criminals frequently access the address books of compromised accounts as a means to identify new targets to send phishing emails. As a result, a successful email account compromise at one business can pivot to multiple victims within an industry.

      RECOMMENDATIONS FOR IT ADMINISTRATORS

      Prohibit automatic forwarding of email to external addresses.

      CYBER CRIMINALS CONDUCT BUSINESS EMAIL COMPROMISE THROUGH EXPLOITATION OF CLOUD-BASED EMAIL SERVICES, COSTING US BUSINESSES MORE THAN $2 BILLION
      [April 06, 2020; FBI Alert Number I-040620-PSA]

      Business email compromise (BEC) is a scam that targets anyone who performs legitimate funds transfers. Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.

      FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic
      [April 6, 2020; FBI Press Release]

      Symptoms of a Compromised Microsoft Email Account

      The presence of inbox rules that weren’t created by the intended user or the administrator. These rules may automatically forward emails to unknown addresses.

      Mail forwarding was recently added.

      Responding to a Compromised Email Account
      [05/05/20; Microsoft 365]

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      1 user thanked author for this post.
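
The two rule behaviours named in the alert and symptom list quoted above (forwarding to an outside address, deleting messages) can be checked against an export of inbox rules. This is an added example, not part of the forum posts or the quoted sources; the record layout, the `Mailbox` key, the internal domain list and the sample rules are assumptions constructed for illustration, while `ForwardTo`, `ForwardAsAttachmentTo`, `RedirectTo` and `DeleteMessage` are properties returned by Exchange's `Get-InboxRule`.

```python
import re

# Assumption: domains the organisation owns (placeholder value).
INTERNAL_DOMAINS = {"example.com"}
# Get-InboxRule properties that send mail elsewhere.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def is_internal(domain):
    """True for an owned domain or any subdomain of one."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def external_targets(rule):
    """Return forward/redirect addresses that leave the organisation."""
    hits = []
    for field in FORWARD_FIELDS:
        for value in rule.get(field) or []:
            hits += [m.group(0).lower() for m in ADDR.finditer(value)
                     if not is_internal(m.group(1))]
    return hits

def audit(rules):
    """Flag external forwarding and auto-delete rules for human review."""
    findings = []
    for rule in rules:
        ext = external_targets(rule)
        if ext:
            findings.append((rule["Mailbox"], rule["Name"], "external-forward", ext))
        if rule.get("DeleteMessage"):
            findings.append((rule["Mailbox"], rule["Name"], "auto-delete", []))
    return findings

# Constructed sample export (hypothetical mailboxes and addresses).
SAMPLE_RULES = [
    {"Mailbox": "alice", "Name": "Team digest",
     "ForwardTo": ['"Bob" [SMTP:bob@example.com]'], "DeleteMessage": False},
    {"Mailbox": "carol", "Name": ".",
     "ForwardTo": ['"x" [SMTP:drop@mail.example.net]'], "DeleteMessage": False},
    {"Mailbox": "carol", "Name": "..", "RedirectTo": None, "DeleteMessage": True},
    {"Mailbox": "dave", "Name": "Personal copy",
     "ForwardAsAttachmentTo": ["Dave@Example.ORG"], "DeleteMessage": False},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Auto-delete rules are often legitimate, so those findings are a review queue rather than a verdict; a delete rule paired with an external forward on the same mailbox deserves the first look.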
    • #2262991

      I believe that explains it!

       

      Thanks and much appreciated!

      1 user thanked author for this post.
    • #2262996

      Though really, the issue is not new at all. I remember seeing warnings against malicious forward-rule plants in the 90s already. (And other rule plant exploits.)

      Nothing really new here except the added threat pressure… and publicity.
