• Forwarding Exchange Emails to a Private Email Account

    Home » Forums » Admin IT Lounge » WSUS, SCCM, Exchange and update management tools » Forwarding Exchange Emails to a Private Email Account

    • This topic has 4 replies, 4 voices, and was last updated 3 years ago.

    I hope someone can shed light on this question:

    For many years my employer has used Exchange to forward work emails to my private email address. Recently, IT has stopped forwarding citing a “potential virus risk” (no further explanation). They do not allow Outlook Anywhere or VPN.

    Doing some internet research, I can find no reasoning for this policy change.

    Can you explain how a simple email forward can cause the transfer of virus’s or if there is some risk I do not understand? I would imagine any exploits would have been addressed by now since this has been a standard feature in Exchange for years?

    Thank you.

    Viewing 3 reply threads
    • #2261695

      I would have thought it’s more likely to be a business IP /fraud issue. I have always disabled auto external forwarding for that very reason.

      If you are required to work offsite the business must give you access to your work tools, including mail.

      cheers, Paul

    • #2262311

      I believe this is related to two FBI alerts last month (and fraud, not virus risk, as Paul said):


      There are a number of BEC [Business Email Compromise] scam variants. One of the most effective types is initiated through phishing emails designed to steal email account credentials. Cyber criminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cyber criminal to target victims using cloud-based services. Upon compromising victim email accounts, cyber criminals analyze the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.

      Using the information gathered from compromised accounts, cyber criminals impersonate email communications between compromised businesses and third parties, such as vendors or customers, to request pending or future payments be redirected to fraudulent bank accounts. Cyber criminals frequently access the address books of compromised accounts as a means to identify new targets to send phishing emails. As a result, a successful email account compromise at one business can pivot to multiple victims within an industry.


      Prohibit automatic forwarding of email to external addresses.

      [April 06, 2020; FBI Alert Number I-040620-PSA]

      Business email compromise (BEC) is a scam that targets anyone who performs legitimate funds transfers. Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.

      FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic
      [April 6, 2020; FBI Press Release]

      Symptoms of a Compromised Microsoft Email Account

      The presence of inbox rules that weren’t created by the intended user or the administrator. These rules may automatically forward emails to unknown addresses

      Mail forwarding was recently added.

      Responding to a Compromised Email Account
      [05/05/20; Microsoft 365]

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      1 user thanked author for this post.
    • #2262991

      I believe that explains it!


      thanks and much appreciated!

      1 user thanked author for this post.
    • #2262996

      Though really, the issue is not new at all. I remember seeing warnings against malicious forward-rule plants in the 90s already. (And other rule plant exploits.)

      Nothing really new here except the added threat pressure… and publicity.

    Viewing 3 reply threads
    Reply To: Forwarding Exchange Emails to a Private Email Account

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: