  • Forwarding Exchange Emails to a Private Email Account

    Posted by Dennis Hoffer

      • #2261515 Reply
        Dennis Hoffer
        AskWoody Plus

        I hope someone can shed light on this question:

        For many years my employer has used Exchange to forward work emails to my private email address. Recently, IT has stopped forwarding citing a “potential virus risk” (no further explanation). They do not allow Outlook Anywhere or VPN.

        Doing some internet research, I can find no reasoning for this policy change.

        Can you explain how a simple email forward can cause the transfer of viruses or if there is some risk I do not understand? I would imagine any exploits would have been addressed by now since this has been a standard feature in Exchange for years?

        Thank you.

      • #2261695 Reply
        Paul T
        AskWoody MVP

        I would have thought it’s more likely to be a business IP/fraud issue. I have always disabled auto external forwarding for that very reason.

        If you are required to work offsite the business must give you access to your work tools, including mail.

        cheers, Paul

      • #2262311 Reply
        b
        AskWoody Plus

        I believe this is related to two FBI alerts last month (and fraud, not virus risk, as Paul said):

        THREAT

        There are a number of BEC [Business Email Compromise] scam variants. One of the most effective types is initiated through phishing emails designed to steal email account credentials. Cyber criminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cyber criminal to target victims using cloud-based services. Upon compromising victim email accounts, cyber criminals analyze the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.

        Using the information gathered from compromised accounts, cyber criminals impersonate email communications between compromised businesses and third parties, such as vendors or customers, to request pending or future payments be redirected to fraudulent bank accounts. Cyber criminals frequently access the address books of compromised accounts as a means to identify new targets to send phishing emails. As a result, a successful email account compromise at one business can pivot to multiple victims within an industry.

        RECOMMENDATIONS FOR IT ADMINISTRATORS

        Prohibit automatic forwarding of email to external addresses.

        CYBER CRIMINALS CONDUCT BUSINESS EMAIL COMPROMISE THROUGH EXPLOITATION OF CLOUD-BASED EMAIL SERVICES, COSTING US BUSINESSES MORE THAN $2 BILLION
        [April 06, 2020; FBI Alert Number I-040620-PSA]

        Business email compromise (BEC) is a scam that targets anyone who performs legitimate funds transfers. Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.

        FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic
        [April 6, 2020; FBI Press Release]

        Symptoms of a Compromised Microsoft Email Account

        The presence of inbox rules that weren’t created by the intended user or the administrator. These rules may automatically forward emails to unknown addresses.

        Mail forwarding was recently added.

        Responding to a Compromised Email Account
        [05/05/20; Microsoft 365]

        Windows 10 Pro Version 2004: Group ASAP (Pioneer/Chump)
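
An audit matching the FBI recommendation and the Microsoft symptoms quoted in the post above, as an added example that is not part of the thread or any poster's code: PowerShell for an Exchange Management Shell or Exchange Online session that lists mailbox-level forwarding and inbox rules sending mail outside the organization's accepted domains. The function name `Get-ExternalAddress` and the output column names are assumptions made for this example.

```powershell
# Added example: audit automatic forwarding to external addresses.
# Run in an Exchange Management Shell or Exchange Online PowerShell session.

# Domains the organization owns; any other domain is treated as external.
$internal = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() }

function Get-ExternalAddress {
    param([object[]]$Recipients)
    foreach ($r in $Recipients) {
        # Mailbox values look like smtp:user@example.com; inbox-rule values look
        # like "Name" [SMTP:user@example.com]. Internal EX: entries do not match.
        if ("$r" -match 'smtp:([^\s\]"]+@([^\s\]"]+))') {
            if ($internal -notcontains $Matches[2].ToLower()) { $Matches[1] }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Forwarding configured on the mailbox itself.
    foreach ($addr in Get-ExternalAddress $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress; Source = 'MailboxForwarding'
            Rule = $null; Target = $addr; DeletesMessage = $null
        }
    }
    # 2. Inbox rules that forward or redirect (the symptom quoted above).
    foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in Get-ExternalAddress $targets) {
            [pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress; Source = 'InboxRule'
                Rule = $rule.Name; Target = $addr
                DeletesMessage = $rule.DeleteMessage   # rules that also delete deserve a closer look
            }
        }
    }
}
$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Organization-wide block of automatic forwards to external domains.
# Left commented out so the audit can be reviewed first:
# Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
```

This does not resolve `ForwardingAddress` entries that point at a mail contact with an external address, and accepted domains that match subdomains will show up as external, so review those cases by hand.
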

      • #2262991 Reply
        Dennis Hoffer
        AskWoody Plus

        I believe that explains it!

        Thanks and much appreciated!

      • #2262996 Reply
        mn–
        AskWoody Lounger

        Though really, the issue is not new at all. I remember seeing warnings against malicious forward-rule plants in the 90s already. (And other rule plant exploits.)

        Nothing really new here except the added threat pressure… and publicity.
