Check your forwarding rules.
Email security is critical for everyone. It’s the account that controls most of your others. Need to reset a password? Or verify your identity for other reasons? You’ll probably get an email with a link.
If the bad guys can see that email, they can click the link and reset your passwords, gain access to other accounts and infect your online life.
Pest control
It’s not enough to have a strong password and use two-factor authentication, although you definitely need to do both of those things. You also need to check that hackers do not already have control of your email account.
A common way for criminals to maintain access to a victim’s email is to set up a forwarding rule in the email account. Forwarding has legitimate uses: you might send email from all of your different accounts into one main account, or you might want a close friend to keep an eye on your email for a period of time when you’re offline.
Criminals can use email forwarding to keep an eye on everything you’re doing, which gives them ammunition to trick you with convincing social engineering. They can even reset your passwords with other services and intercept the verification emails that online services inevitably send to check that it’s really you who is resetting the password.
I’ve seen this technique used against both businesses and individuals. It’s an easy, lo-tech approach that works really well, unfortunately.
Check your settings in 4 steps
Every email service does things slightly differently but most have email forwarding features. These instructions are for Google’s Gmail but the basic concept works for Yahoo!, Hotmail and other services.
- Click on the Settings cog
- Choose Forwarding and POP/IMAP
- Look at the Forwarding section. Ensure that there are no unexpected rules listed. Delete any you don’t need.
- Double-check that POP is disabled. These days it’s less likely that you’ll need it, and it gives attackers another way to keep an eye on your inbox.
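For anyone who looks after more than one mailbox, the same check can be scripted. The following is an added example, not part of the original post: it audits settings exported in the shape of the Gmail API's autoForwarding, forwardingAddresses, filters and pop resources, and it goes one step beyond the list above by also checking filters that forward mail. The function name `audit_mailbox`, the allow-list parameter and all sample data are constructed for illustration.

```python
# Added example: audit Gmail settings for unexpected forwarding and POP access.
# Input dicts mirror Gmail API settings responses; the sample data is constructed.

def audit_mailbox(auto_fwd, fwd_addresses, filters, pop, allowed=()):
    """Return a list of findings; an empty list means nothing unexpected."""
    allowed = {a.lower() for a in allowed}
    findings = []

    # Account-wide forwarding (Settings > Forwarding and POP/IMAP).
    target = (auto_fwd.get("emailAddress") or "").lower()
    if auto_fwd.get("enabled") and target not in allowed:
        findings.append(f"auto-forwarding enabled to {target}")

    # Registered forwarding addresses, even if not currently in use.
    for entry in fwd_addresses.get("forwardingAddresses", []):
        addr = entry.get("forwardingEmail", "").lower()
        if addr not in allowed:
            status = entry.get("verificationStatus", "unknown")
            findings.append(f"forwarding address {addr} ({status})")

    # Filters can forward matching mail without touching the main setting.
    for flt in filters.get("filter", []):
        addr = flt.get("action", {}).get("forward", "").lower()
        if addr and addr not in allowed:
            findings.append(f"filter {flt.get('id')} forwards to {addr}")

    # POP should be off unless you know you need it.
    if pop.get("accessWindow", "disabled") != "disabled":
        findings.append(f"POP enabled ({pop['accessWindow']})")
    return findings


# Constructed sample: settings of a mailbox with forwarding nobody asked for.
SAMPLE = dict(
    auto_fwd={"enabled": True, "emailAddress": "drop@unknown.example",
              "disposition": "leaveInInbox"},
    fwd_addresses={"forwardingAddresses": [
        {"forwardingEmail": "me@home.example", "verificationStatus": "accepted"},
        {"forwardingEmail": "drop@unknown.example", "verificationStatus": "accepted"}]},
    filters={"filter": [{"id": "f1", "criteria": {"from": "noreply@shop.example"},
                         "action": {"forward": "drop@unknown.example"}}]},
    pop={"accessWindow": "allMail", "disposition": "leaveInInbox"},
)

if __name__ == "__main__":
    for finding in audit_mailbox(**SAMPLE, allowed=["me@home.example"]):
        print("CHECK:", finding)
```

Any address you do forward to on purpose goes in `allowed`; everything else is reported for review.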
