Email rules

The SANS Internet Storm Centre Diary has an interesting, if technical, article about the use and misuse of email forwarding rules.

Office 365 Mail Forwarding Rules (and other Mail Rules too) (sans.edu)

Why is this of interest to you?

As part of my MSc studies we looked at email attacks and one of the easiest “cover ups” an attacker can use, to hide their malicious activity from the user, is to set up some mail rules to simply move the offending emails somewhere else where they will not be noticed.

Checking rules is not something anyone regularly does so this could turn into a “forever breach” as described in the article. However that is where the team at Octagon Technology can help – they have a method to mitigate against this problem.

Clive Catton MSc (Cyber Security) – by-line and other articles