If you have missing emails from your Inbox, take action now.

If you are missing emails from your mailbox, emails you expected but of which there is no sign, there is a good chance your account has been compromised. this is not the same sort of problem I detailed in a recent blog about Sent Items that are missing.

Affected accounts tend to be cloud based types such as Outlook.com, Office365 and Google Mail but importantly they allow the creation of rules to handle email.

Criminals may have gotten your password as the result of either fooling you into changing it or giving it away, or because you use the same password on multiple websites, one of which has been compromised. They will set rules up on your email that will forward all emails to a burner account they have setup (usually Gmail). the rules will also move the emails to another folder so you don’t see them.

This gives the criminals time to collect data about you, it will tell them where you shop, bank and generally access secure sites. Every incoming email that’s meets the rules they set will be forwarded to them and hidden from you. It will allow them to intercept password resets so you are none the wiser that you are being attacked. When they have enough information, they can pose as you or simply use the details they have acquired to commit fraud.

How do you know it is happening? Firstly, you already suspect emails are missing. Using Outlook.com, I will show you an example of inbox rules in action. In Outlook.com, Office365 and Gmail the settings are similar. There is a place where rules to handle your email can be set up. One Important note, Office365 now blocks sending of emails to external recipients from a rule to counter this problem.

How To Identify the cause of missing emails. Check the Inbox Rules. If you see any rules you don’t know about, have a look at what they do.

Clicking the gear icon in Outlook.com and type inbox to access the inbox rules.

In the example below, you can see there is a rule. I have handily called it Scammer Rule 1 but it could be called anything. Clicking the pencil icon to edit the rule makes it simpler to understand.

You can see below that the rule is designed to gather personal information, forward it to an external email address, move the email to another folder and mark it as read so it is not obvious that the email is there. I suspect the idea is that if someone thinks there is a problem, they may find the emails and then not be alarmed.

How to fix it

  1. Delete the rules that are suspicious
  2. Change your password for the email account
  3. Think very carefully! Do you use the same email address and password elsewhere, such as to log into Amazon or Ebay? If so, you are going to have to change the password for all sites or services that use that email address and password.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.