Like many of us, I’ve become the family IT person for a lot of situations. My grandpa got hit with a pretty good (“good”) scam lately that I’ve had to clean up.

His email password was taken, and a bunch of us in the family got emails from him asking for Amazon gift cards (a classic), so we told him to change his password and hoped that was the end of it.

But, soon after, he noticed that he wasn’t getting any emails anymore. After getting on a call with him and logging into his account, I noticed that there was email forwarding set up that was very well-hidden.

His email, let’s say it’s johnsmith@something.com, was being forwarded automatically to johnsmith1@gmail.com, and the name of the forwarding was titled “Default Forwarding”. Whoever changed that was clever enough to hide it behind that word “Default” and there was no way my grandpa would have found that.

Then, after looking at the emails that his account sent, they all had a “reply-to” set up to johnsmith1@outlook.com, and that email was also set up as his new 2-factor-auth email.

So, no matter what, with these two fake emails, the folks hacking my grandpa’s email would have gotten the responses to him. Luckily we were able to get those removed and everything cleaned up, but that was pretty spooky.

So, next time you’re doing family IT fixes, don’t just have them change their passwords, but check the settings around their accounts, too!