Hi Guys
New here and quite savvy re IT. I had a call from my friend saying his email account had been hacked so logged into him remotely to have a look. I had to reset his password so I did that ok. I then checked his inbox and had this come up...
I went to mail forwarding and saw that this was turned on with a bogus gmail address to forward to. I deleted the gmail address and turned off mail forwarding. logged out and back in and he started to get some emails. I went back to look at the mail forwarding as the same message popped up and it was back again with the same bogus gmail address??. I have now set two factor authentication on and also changed the security question and have again reset the password. So I think I have covered everything regarding ensuring all the security precautions are in place.
The problem is that this mail forwarding keeps re enabling every 10 minutes or so. The hacker is not logging in to change it as we would know by the 2 factor authentication as my mate would get a text with the 4 digit key. Other people on this community have had this and I cant seem to find a solution to stop this re enabling. It has to be something set up within his account that is auto checking and turning it back on. Any help here appreciated Guys
Thanks Steve