If your mailbox has been compromised, you may not even be aware of it. A common method of fraud is to crack the password of a mailbox and then add an email forwarder so that a copy of all mail is forwarded to an illegitimate address.
Perform the following safety checks regularly:
- Change your mailbox password
- Check for illegitimate mail forwarders
Access your Mailbox:
- Browse to the Webmail login page (https://webmail.konsoleh.co.za)
- Login with your full email address (eg. firstname.lastname@example.org) and email password. (passwords are case-sensitive)
- Click on the Settings icon (cog) at top right
- Choose Settings > Manage Mailbox
- Log in using the same login details as earlier
- Under the Forwarders section, check that any email addresses listed here are legitimate.
- To remove a forwarder, delete the email address
- Ensure that no private information, such as the password, are listed under User Note
- Click on Update Mailbox at the bottom of the page
- Choose Settings > Filters
- The Filter set is Roundcube
- Under Filters check that any filters here are legitimate. The details of the filter are reflected in the right pane
- To delete a filter, click the cog icon at the bottom of the Filter pane and select Delete
Forwarders can also be managed within the Manage Accounts tool in konsoleH, and is convenient for managing all mailboxes for a domain. Note, though, that mail filters cannot be viewed here.
- Browse to konsoleH and log in
- Access the Hosting Services tab on the relevant domain
- Select Mail from the left-hand menu
- Select Manage Accounts
- The main window will display all the active email accounts already in use for the domain
- The + Forward fields (numbered 2 to 6) allows you to forward a copy of all emails received to an external email address that is unrelated to your domain. Check that any forwarders listed here are legitimate.
- To delete a forward, click Edit in the relevant row, then remove the email address listed
- Click Save
Financial email addresses are often at risk, such as email@example.com or firstname.lastname@example.org, but this could happen to even the most innocent looking email address. Typically the mailbox would be monitored for any financial information that can be accessed and used fraudulently.
An invoice from a supplier could be intercepted in this way. The invoice is then fraudulently updated with the hacker’s banking details, and resent. Such an email would look legitimate and result in financial loss.
Even updating the mailbox to a strong password won’t remove any current forwarders, so it is important to check for forwarders when updating the password on a regular basis.