An attacker who briefly gets into your email can set a forwarding rule. From that moment on, copies of every message you receive go to an address they control. You may not notice for months.
The rule is invisible in normal use. Your inbox looks the same. The forwarded copies arrive somewhere else without any indication on your side. The attacker no longer needs to be in your account to keep reading your email.
What they read is significant. The messages from your bank. The confirmations from your travel agent. The notes from your lawyer. The threads with your family. Each of these gives away information they can use for the next thing, whether that thing is another account, an impersonation of you to a third party, or a fraud against someone who trusts you.
Open the settings on each email account and look at the list of forwarding addresses and filter rules. Anything not set by you is a problem. Remove it, change the password, turn on multi-factor authentication if it is not already on, and check recent login activity for unfamiliar locations.
·
The desk includes this kind of check in any work it does on your email setup, and watches for new forwarding rules being added later.
More from the desk
How the desk reads a name against everything else
Hedge fund participation and the disclosure threshold
Private credit positions and the records they create
Phishing aimed at people with something to lose
Why the desk reads the quiet records as carefully
How a private placement reaches the record