Push icon
  • Product
  • Use cases
    SaaS discovery
    SaaS discovery
    Detect SaaS apps that employees are using in your company.
    Risky third-party integrations
    Risky third-party integrations
    Nudge employees to remove unused third-party integrations.
    Malicious mail rule detection
    Malicious mail rule detection
    A strong indicator of compromise. Detect and respond automatically.
    Automated MFA deployment
    Automated MFA deployment
    Use ChatOps to automatically nudge employees to enroll.
  • Pricing
  • Blog
  • About
Detect malicious mail rules
Scan your employees' mailboxes in under two minutes to detect phishing campaigns
Discover malicious mail rules
Scan mailboxes in less than two minutes.

No credit card required

  • Find suspicious and malicious mail rules that result from phishing attacks.

  • Take action directly from the Push platform to prevent business impact.

  • Get instant detection and response capability to stop future attacks.

Malicious mail rule dashboard

What's a malicious mail rule?

A common attack technique where mail rules are created inside a user's mailbox to perform malicious actions, like forwarding emails to an external address. Although companies can be targeted directly, it's often opportunistic, where a rule is created automatically after a successful phishing campaign, malware infection or account compromise. 

Scan all employee mailboxes in under 2 minutes

Connect Microsoft 365 or Google Workspace to get instant visibility into all mail rules within employee mailboxes.

Get instant insights about whether the rules are legit, suspicious, or malicious.

Malicious mail rules landing page - image 1

Take action directly from the Push platform

Use ChatOps (Slack and Teams) to automatically ask the owner of the mailbox about a suspicious mail rule. Push asks employees whether a rule seems strange or if it's something they set up intentionally so we can tell you whether the rule is malicious or safe.

Disable or delete malicious rules based on their response to prevent business impact, right from the platform.

Malicious mail rules landing page - image 2

Get real-time detection and response capabilities

We immediately notify employees when a new rule is created in their mailbox. They know whether they've just set up a rule to forward work email to their personal email. If the mail rule wasn't created by them, it's suspicious and possibly malicious.

Push automatically disables rules employees don't recognize and notifies you so you can take immediate action to prevent further compromise.

No SIEM or any other detection infrastructure is required. Keep it simple.

Malicious mail rules landing page - image 3
Supported SaaS platforms
Google Workspace logo
Google Workspace
Microsoft 365 logo
Microsoft 365

Use cases

  • SaaS discovery illustration

    SaaS discovery

    Detect SaaS apps that employees are using in your company.

  • Risky third-party integrations illustration

    Risky third-party integrations

    Nudge employees to remove unused third-party integrations.

  • Malicious mail rule detection illustration

    Malicious mail rule detection

    A strong indicator of compromise. Detect and respond automatically.

  • Automated MFA deployment illustration

    Automated MFA deployment

    Use ChatOps to automatically nudge employees to enroll.

Latest blog posts

  • 4 min read

    Email security: How hackers use mail rules to access your inbox

    After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.

    Andy Waugh
    Andy Waugh
    10 Jun 2021
    • Email security
  • 4 min read

    Should you disable external email auto-forwarding?

    External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.

    Andy Waugh
    Andy Waugh
    3 Jun 2021
    • Email security
  • 3 min read

    Case study: Business Email Compromise (BEC) attack nearly cost us millions

    A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.

    Tyrone Erasmus
    Tyrone Erasmus
    14 Jun 2021
    • Case studies
    • Email security
Subscribe to get updates from Push

The latest news, articles, and resources, sent to your inbox.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
push logo
Product
  • Overview
  • Pricing
Use cases
  • SaaS discovery
  • Risky third-party integrations
  • Malicious mail rule detection
  • Automated MFA deployment
Push
  • Team
  • Investors
  • Contact
  • Careers
Assurance
  • Privacy policy
  • Cookie policy
  • Terms
  • Sub-processors
© Push 2022. All rights reserved.
cyber essentials logo
You're offline. Waiting to reconnect.