The security posture of an email mailbox is essential to security hygiene to prevent phishing attacks, account hijacking and spreading of malware. A strong indication of threat lies in the forwarding rules of a mailbox as attackers will forward emails to an external account for several reasons; data exfiltration (PII, PCI, etc), trigger/intercept password resets, trigger/intercept MFA, wire fraud. etc. By identifying any mailbox rule changes that could indicate this type of intent, Guardz generates a high risk security issue to admins with remediation options to secure the account. This could also be a strong indicator of account compromise which would lead to other security steps for specific users.