Checking your Email Account for Forwarding

News: Find out how to check if your email account has been forwarded and possibly compromised.

Why this is important for security

When an email account is compromised we regularly discover that the hacker has set up a forward in the account. This forward sends your email to the hacker's account. Anytime your email account has been compromised or your email password has been exposed (for example, through a phishing email), you should check to make sure a forward hasn't been set up. Each email system handles forwarding differently.

If you do find that your account has an unwanted forward, email security@ucsd.edu, describing what you found and then remove the forward as described below.

How to check for forwarding

There are many ways that forwarding or redirecting of email can be set.

Student account

Go to http://acms.ucsd.edu/students/email/redirect.html (See student email information.)

Gmail account

1. Within your Gmail account, go to the configuration gear.
2. Click Settings.
3. Click the Forwarding and POP/IMAP tab.
4. Check the Forwarding: section for unexpected entries.

5. Remove or change the entry to the correct email address.

Exchange

1. Connect to your email using Outlook Web Access (OWA) at mail.ucsd.edu.
2. Check your signature line for information and links that are not yours.
3. Check your OWA rules for actions that you don’t recognize. These are often used to filter messages or forward to the hacker’s account.

4. Remove any entries that are incorrect.

Do not hesitate to reach out to your departmental computing support professionals or the ITS Service Desk for more assistance.