Email scams can modify rules in Microsoft Outlook

Submitted by Information Security

The UT Health San Antonio community is advised to watch out for phishing scams that have been on the rise. The recent attack comes in the form of emails. These emails prompt you to click on malicious links or install malware that automatically adds rules that tell Microsoft Outlook to forward a copy of every incoming or outgoing email to the attacker.

Here are some of the most common indicators that an email is likely a scam or attempted cyberattack:

  • Any message that communicates a tremendous sense of urgency and attempts to rush you into clicking a link or transmitting confidential or sensitive information.
  • Any message pressuring you to bypass or ignore security policies and procedures. Commonly, phishing messages will urge you to click on a link or reply within a short time frame before locking or terminating your account and deleting your data.
  • Any message requesting your password and other private information should be flagged as suspicious since cybercriminals are actively targeting your credentials.
  • Hover your mouse over suspicious links in the email to verify a hyperlink destination before clicking it to make sure it is going to an expected website. It is always a good idea to verify hyperlink destinations before clicking. Taking this one small step is one of the greatest and easiest ways to protect yourself.
  • Be very suspicious of unexpected emails that pretend to be from a university official or member of a government organization urging you to take immediate action. Attackers can be very bold and may attempt to call or send increasingly threatening messages. Contact the university official or government organization directly if you have the slightest concern about the validity of the email content.

Report any suspicious email to or use the Phish Alert button in Outlook. Instructions on how to do this, along with a very good review of phishing defense and prevention can be found at

If you happen to click on a malicious link and think your email may have been compromised or you are witnessing oddities in Outlook like disappearing emails or your calendar is not syncing, follow the steps below to protect your data and contacts:

  1. Contact your IT Partner or the IMS Service Desk at 210-567-7777 (option 1) to inform them of the issues you’re experiencing in Outlook.
  2. Immediately change your password.
  3. Check for illegitimate Outlook email rules and delete them by following the instructions on Microsoft’s web page: Manage email messages by using rules.
  4. Close Outlook, reopen and look at the bottom banner for: “All folders are up to date.”
  5. Contact Information Security ( to scan your computer.

For technical support, contact your IT Partner or the IMS Service Desk at 210-567-7777, option 1.

Share This Article!