Issue link: http://palletcentral.uberflip.com/i/1475336
18 PalletCentral • July-August 2022 palletcentral.com SCAM ALERT By Carrie Kerskie Security in an Insecure World R ecently, when replying to a client's email, I received an "email undeliverable" response saying that their mailbox was full. However, upon closer review, the email address mentioned didn't belong to my client. I called the client to see if he received my reply. He said "yes." I then asked him if he was familiar with the email address listed on the undeliverable response, to which he said "no." From this we knew his email address was compromised, but how? We checked the obvious areas first: 1. Malware on his device – nope – he uses a MacBook 2. Email forwarding activated in his Outlook account – nope – not activated 3. Sign-in history – all looked good, nothing suspicious As a last step, we changed the client's email account password. I then sent him another email. Sure enough, I received the same undeliverable email from the unknown email account. Further review of the undeliverable email led me to suspect that since email forwarding was not the problem, perhaps there was an email rule activated. I had the client, once again, go to Outlook settings and check for "rules." Two rules were listed. e first one related to a company he previously corresponded with by email. e second rule had a similar name as the first rule; however, this rule was set to send all received email to another email address, the same email address listed in the undeliverable message I received. BINGO, that's it! I had the client terminate, delete, both rules. Once there were terminated, I sent the client another email. is time, I didn't receive the undeliverable email reply. at meant his emails were no longer being sent to an unknown email address. But how were the rules added to his Outlook email account? Since the rules were associated with a business, he called them and asked if they were aware of any email or network issues. ey said that last year they DID have an issue. ey were infected by one of their suppliers. Was this the source of the client's email compromise? All evidence points to that being the source. iStockphoto.com/Andrey Suslov