If you suspect your email account may have been compromised or someone may have gained unauthorized access to it, you may need to review your email filters.
Attackers will create email filters to hide their tracks from the owner of the email account. This can involve sending emails with certain keywords to trash, therefore bypassing the inbox so that the owner does not see it. It can also involve forwarding emails that might contain sensitive information to an outside account.
In one phishing email instance, attackers created the following filters to hide any security alerts about their password compromise from the owner of the email account.
To check your email filters:
- Open your email in a web browser.
- At the top right, click the gear icon (Settings), and then See all settings.
- Click Filters and Blocked Addresses.
- Review the filters listed.
- If there are filters you do not recognize, click Delete to remove the filter.