Forum Discussion
Scammers always know about our new users
Hi richardlister13,
It sounds like someone else is able to view your account.
Do you and your team members change the password frequently? I recommend changing it every 90 days.
Do you and your team members apply MFA (multi-factor authentication) to the account? I recommend this to prevent account compromise.
Have you enabled auto-forwarding to external addresses for everyone? (By default it should already be blocked in the outbound policy.) Double-check whether this is on and whether any user's email is being auto-forwarded to unknown addresses.
Do you have multiple users holding the admin role? It might be due to an admin account being compromised.
Do you have any distribution list that accepts external email? It could be that external email goes to the distribution list.
*The same case happened to my customer: whenever they had a new account created, after a few days the user would receive spam and phishing mail.
In the end, the tracing showed it was actually email going into a distribution list that the new staff were assigned to; all the spam and phishing mails he received came from there. Better to choose a unique group ID instead of using a common ID like allstaff@, staff@, all@, etc.
Meanwhile, you may consider applying Microsoft 365 Defender for O365 Plan 1; you can set the phishing policy and reduce phishing/spoof mail to your users.
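To turn the checklist in the reply above into something you can actually run, here is an added read-only audit script (not from the original post or any Microsoft documentation). It assumes the ExchangeOnlineManagement module is installed and `Connect-ExchangeOnline` has already been run with an account that can read mailbox and policy settings; the helper `Test-ExternalAddress` is my own.

```powershell
# Added example (not from the forum post): audit auto-forwarding, external-facing
# distribution groups and Exchange admin membership in Exchange Online.
# Assumes ExchangeOnlineManagement is loaded and Connect-ExchangeOnline was run. Read-only.

# Accepted domains of the tenant, so forwarding that stays inside the tenant is not flagged.
$internalDomains = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    # Returns $true when the recipient string points outside the tenant's accepted domains.
    # Inbox rule recipients render either as a legacy DN (EX:/o=...) for internal users
    # or as "Name [SMTP:user@domain]" / plain "user@domain" for SMTP addresses.
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address) -or $Address -match 'EX:/o=') { return $false }
    $m = [regex]::Match($Address, '[\w.+-]+@([\w.-]+)')
    if (-not $m.Success) { return $false }
    return ($internalDomains -notcontains $m.Groups[1].Value)
}

# 1. Tenant-wide auto-forwarding setting in the outbound spam filter policy
#    (Off = blocked, On = allowed, Automatic = Microsoft's default, currently blocked).
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode | Format-Table -AutoSize

# 2. Mailbox-level forwarding, which an attacker with the account password can set.
Get-EXOMailbox -ResultSize Unlimited -Properties ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 3. Inbox rules that forward or redirect mail to addresses outside the tenant.
foreach ($mbx in Get-EXOMailbox -ResultSize Unlimited) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $targets  = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
            $external = $targets | Where-Object { Test-ExternalAddress ([string]$_) }
            if ($external) {
                [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Rule = $_.Name; External = ($external -join ', ') }
            }
        }
}

# 4. Distribution groups that accept mail from unauthenticated (external) senders.
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress, RequireSenderAuthenticationEnabled

# 5. Who holds the top Exchange admin role group; compare against the expected list.
Get-RoleGroupMember -Identity 'Organization Management' | Select-Object Name, RecipientType
```

Findings in sections 2 and 3 are the ones to act on first, since a forwarding rule to an unknown external address is the usual sign of a compromised mailbox; section 4 shows which groups can be hit directly from the outside, as in the allstaff@ case described above.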