Hi all. Firstly I had a scam email supposedly from my father in law I knew it was a scam( basically asking to buy gift card etc.) and deleted it. However it seems this email went to a lot of his contacts, after logging on to his email via his desktop the btmail mail page kept flagging up that Auto Forwarding had been activated once we found it in settings there was a unusual email address for forwarding emails, so we have deleted that address and unchecked the box for Auto Forwarding. How could anyone have got into his email to be able to do this and add this forwarding email address. Hopefully we have changed this setting in time before to many emails have been forwarded, and should he now change his password for email access.. Also after deleting this dodgy email address the BT mail page still says that auto forwarding has been changed,which we know it has but it was showing the dodgy email address, which it now doesn't mention the email now but keeps flagging up settings changed...
It would apear that the account was hacked and forwarding set up.
Email accounts can be hacked in any number of ways so it is imposible to say how his account was hacked.
You need to remove any forwarding email addresses and after doing that change the email account password.
I would also suggest changing banking passwords etc as well as contacting the bank and any other company to advise them of the hacking.
The banner that flashes up is to alert the account holder that forwarding or a rule has been set up or changed per chance the account holder was not responsible for doing that such as in the case when it was done by a hacker or other person without authority.
It flashes uo for a few days so as to try and ensure the account holder sees it. It can not be turned off.
His contact list will have been stolen hence they are receiving emails purporting to be him in order to dupe his contacts into feeling it is genuine and respond to the email which in turn would be forwarded to the hacker.
All he can do is advise his contact about the hack and be aware that any emails from that adddress may be a scam.
I have just seen this exact issue with my neighbour who asked for help after realising that he wasn’t receiving any emails.
I don’t understand how email forwarding can be turned on like this without informing the user via SMS (like you get for a password change)? It also seems coincidental that this has happened soon after the switch over to the new email system.
We have changed passwords and turned off the auto forward setting, but I will be recommending he migrates away from using BT email as there seem to be gaps in the security.
BTmail is as secure as any other email service.
Most accounts are hacked by either clicking on a link in an email sent by a scammer and verifying their email account or such like or by the user giving out their password to a scammer who called them.
Does your friend have 2 factor authentication turned on which alert him if the account was being used from an unknown device. This would have been done via a text
@gg30340 thanks for replies, I will get the 2FA set up for my father in law as he probably hasn't got that and advise him to change his password.
Thanks for replies…
I will check if 2FA is setup. He received a text message when we changed password so his mobile number is linked which is a good start.
He uses Outlook for email and rarely logs into the web interface, so he would not see that warning about the forwarding being setup. Would be really helpful if this was also warned about via a text message!
@gg30340 Am I right in thinking the 2FA option only applies to the BT ID account and not necessarily the BT email account?
BT's 2 FA works on BTMail accounts with the exception of BTMail Basic accounts.
Two-step authentication | BT Help
EDIT: To save repeating things please see message 5 in the following link in case it applies to your friend.