Are Hidden Outlook Rules Stealing Your Invoices and Payroll Updates?

Hidden Outlook rules are a quiet way for attackers to hide in plain sight, maintain access to a compromised mailbox, and run Business Email Compromise (BEC) scams. These rules can forward, hide, or delete messages so attackers intercept invoices, payroll changes, and payment approvals without alerting the victim. Check Outlook on the web and in the desktop app for rules that forward mail externally, move invoices or bank messages to odd folders, delete messages, or mark them as read.

3 quick rules to watch for:

  • External forwarding to outside domains (forwards invoices/payments).
  • Move-to-folder rules targeting finance keywords (invoice, payroll, wire).
  • Delete or mark-as-read rules for vendor/finance messages.
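
The three checks above can be run over an exported list of mailbox rules. This is an added example, not part of the original post. It assumes each rule is a dict whose field names mirror the properties returned by Exchange's Get-InboxRule. The internal domain, keyword list, and sample rules are constructed for illustration.

```python
import re

# Assumptions (not from the original post): your own mail domains and keyword list.
INTERNAL_DOMAINS = {"example.com"}
FINANCE_WORDS = {"invoice", "payroll", "wire", "payment", "bank", "vendor"}
EMAIL_RE = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[\w-]+")

def external_targets(rule):
    """Addresses outside INTERNAL_DOMAINS in any forward/redirect action."""
    found = []
    for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for entry in rule.get(field) or []:
            for addr in EMAIL_RE.findall(entry):
                if addr.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS:
                    found.append(addr.lower())
    return found

def finance_terms(rule):
    """Finance keywords appearing in the rule's subject/body conditions."""
    words = []
    for field in ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords"):
        words += [w.lower() for w in rule.get(field) or []]
    return sorted({k for k in FINANCE_WORDS for w in words if k in w})

def triage(rule):
    """Return findings for the three rule patterns listed above."""
    findings = []
    ext, fin = external_targets(rule), finance_terms(rule)
    if ext:
        findings.append("external-forward:" + ",".join(ext))
    if fin and rule.get("MoveToFolder"):
        findings.append("finance-move:" + rule["MoveToFolder"])
    if fin and (rule.get("DeleteMessage") or rule.get("MarkAsRead")):
        findings.append("finance-hide")
    return findings

def scan(rules):
    return {r["Name"]: f for r in rules if (f := triage(r))}

# Constructed sample rules; field names mirror Get-InboxRule properties.
SAMPLE_RULES = [
    {"Name": "Sync", "SubjectOrBodyContainsWords": ["Invoice", "wire transfer"],
     "ForwardTo": ['"ap" [SMTP:ap-copy@mailbox.test]'],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Name": "Newsletters", "MoveToFolder": "Reading"},
    {"Name": "Cleanup", "BodyContainsWords": ["payroll"], "DeleteMessage": True},
    {"Name": "Assistant copy", "ForwardTo": ['"PA" [SMTP:pa@example.com]']},
]

print(scan(SAMPLE_RULES))
```

A rule with any finding is a candidate for manual review with the mailbox owner, not proof of compromise.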

If you see anything suspicious, reach out to Bernie Orglmeister at support@skyviewtek.com or call 610 590 5006. ☎️