Email forwarding traps attackers use

Attackers often hide forwarding rules and filters so you don’t notice.

Quick checklist

• Check forwarding addresses and auto-forward settings.
• Review filters/rules that archive or auto-delete security emails.
• Look for unknown connected apps or OAuth permissions.
• Rotate recovery options and app passwords if supported.
• Change password and sign out all devices.
• Enable MFA and review trusted devices.

Related guides

• How to sign out of everything fast (without missing sessions)
• Phone lost: what to do in the first 30 minutes
• Shared computer safety checklist
• MFA basics that actually help

Open tools Back to guides

Reminder: Use official account security pages and support channels when in doubt.