Forum Discussion
Scammers always know about our new users
We are a small business with only about 30 users and our tenant was created back in 2014.
Whenever we get a new employee they will start getting scam emails within about 24 hours of being configured. The scammers know both their email address and the full name.
Is there some kind of public address book they are using to get this information and can we disable it?
Thanks for any help!
- LeonPavesic (Silver Contributor)
Hi richardlister13,
your problem of new employees receiving scam emails shortly after joining your system most likely comes from data breaches and leaks.
Scammers acquire email addresses and names through these breaches for malicious purposes. Here's a detailed breakdown of how this happens:
- Data Breaches and Leaks: Over the years, data breaches have exposed sensitive user information, including email addresses and names. This compromised data is often traded or sold on the dark web, making it accessible to scammers.
- Dark Web and Underground Markets: Scammers frequently procure these breached data sets from the dark web or underground markets, where they can easily access vast amounts of personal information.
- Automated Tools: Scammers employ automated tools and scripts to scour the internet for email addresses linked to specific domains, like your company's. Once they compile a list of valid email addresses, they pair them with publicly available names.
To try to minimize this issue, you can take the following measures:
1. Email Security: Enhance email security with robust spam filters, antivirus scans, and email authentication protocols like SPF, DKIM, and DMARC.
2. Data Leak Monitoring: Regularly monitor the internet and the dark web for any data leaks associated with your company's email addresses and personal information. (for example: Have I Been Pwned: Check if your email has been compromised in a data breach)
3. Multifactor Authentication (MFA): Enable 2FA for email accounts and other sensitive systems to bolster security.
4. Incident Response Plan: Develop a robust incident response plan to address potential data breaches promptly.
While it's challenging to completely prevent such incidents, these measures should significantly reduce the risk of new employees being targeted by scammers shortly after their email addresses are configured.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- Johnny Ang (Copper Contributor)
Hi richardlister13,
It sounds like someone else is able to view your account.
Do you and your team members change your passwords frequently? I recommend changing them every 90 days.
Do you and your team members apply MFA (multi-factor authentication) to the account? I recommend this to prevent account compromise.
Have you enabled auto-forwarding to external addresses for everyone? (By default it should already be blocked in the outbound policy.) Double-check whether this is on and whether any user's email is being auto-forwarded to unknown addresses.
Do you have multiple users holding the admin role? It might be due to a compromised admin account.
Do you have any distribution lists that accept external email? It can be that external email goes to the distribution list.
*The same thing happened to my customer: whenever they had a new account created, after a few days the user would receive spam and phishing mail.
In the end, the tracing showed that the email was actually going into a distribution list that the new staff member was assigned to; that was the source of all the spam and phishing mail he received. Better to choose a unique group ID instead of using a common ID like allstaff@, staff@, all@, etc.
Meanwhile, you may consider applying Microsoft 365 Defender for O365 Plan1; you can set the phishing policy and reduce phishing/spoof mail to your users.
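
A read-only audit of the tenant settings raised in the reply above (groups that accept external senders, the outbound auto-forwarding policy, and per-mailbox forwarding), added here as an example and not part of any post in this thread. It assumes the ExchangeOnlineManagement PowerShell module is installed and that you sign in with an account allowed to read recipient and anti-spam policy settings; the list of "common" group names is just the three mentioned in the reply.

```powershell
# Added example: read-only audit, nothing in the tenant is changed.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Common local parts named in the reply above (allstaff@, staff@, all@).
$commonNames = 'allstaff', 'staff', 'all'

# 1. Groups that accept mail from unauthenticated (external) senders.
#    New members of such a group inherit whatever spam the group already gets.
$openGroups = @(
    Get-DistributionGroup -ResultSize Unlimited
    Get-DynamicDistributionGroup -ResultSize Unlimited
    Get-UnifiedGroup -ResultSize Unlimited
) | Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress, RecipientTypeDetails,
        @{ n = 'GuessableAddress'
           e = { ([string]$_.PrimarySmtpAddress).Split('@')[0] -in $commonNames } }

Write-Host "`nGroups accepting external senders:"
$openGroups | Sort-Object GuessableAddress -Descending | Format-Table -AutoSize

# 2. Outbound spam policy: 'Automatic' or 'Off' blocks external auto-forwarding,
#    'On' allows it.
Write-Host "`nOutbound auto-forwarding mode per policy:"
Get-HostedOutboundSpamFilterPolicy |
    Select-Object Name, AutoForwardingMode | Format-Table -AutoSize

# 3. Mailboxes with forwarding configured on the mailbox itself.
$mailboxes = Get-Mailbox -ResultSize Unlimited
Write-Host "`nMailboxes with mailbox-level forwarding:"
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress,
        DeliverToMailboxAndForward | Format-Table -AutoSize

# 4. Inbox rules that forward or redirect mail (fine for a ~30-user tenant;
#    this loop is slow on large tenants).
Write-Host "`nInbox rules that forward or redirect:"
foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
            Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

Disconnect-ExchangeOnline -Confirm:$false
```

Any group listed in step 1 that does not need to receive mail from outside the organisation can be restricted with `Set-DistributionGroup -RequireSenderAuthenticationEnabled $true` (or `Set-UnifiedGroup` for Microsoft 365 groups).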