Grace Yin
Iron Contributor
Jan 24, 2018

How to stop internal spam mail?

Hi,

 

In the past two days, we kept receiving spam mail from our internal (same domain) user accounts, but they were from different users and sent to different distribution groups in our company. We checked the internet headers, and they are from our O365 mail server IP address. We first thought the sender's computer might be hacked, so we changed the sender's password, but today another user sent out the same spam. My question is how to stop it? I worry another spam will be sent out tomorrow. Is there an internal spam filter we should set up?

 

The spam email content is like below. There is a link for "UPDATE EMAIL".

 

"

  You may no longer have access to your office365 email account because your email account has exceeded it's mail quota on the database server. If you want to continue using your office365 account, please verify your account to continue using your email service. Update through the link below.

 

                UPDATE EMAIL

 

       Sincerely,

   Information Technology."

 

Need help! Thanks in advance!

  • If they are hacked, changing their password won't help as it's probably too late and something is infected.
    I would suggest taking the person's computer offline while you fix it (generally a format & re-install is the best way to deal with a virus).
    The other thing you can do is create an Exchange Transport Rule that prevents that particular user from sending an email to anyone inside or outside the organisation if it has particular words like those found in the email.
    • Grace Yin
      Iron Contributor

      Hi Loryan,

       

      Thank you for your reply. It seems it is a phishing email. It lures the user to click a link in the email and leads the user to put their email user name and password on the bad site.

       

      I noticed that if the email is from an external mailbox, the mail will be blocked in the Junk Mail folder, but if the spam mail is from an internal mailbox, it won't be filtered. How do we address the issue of internal users sending spam mail? Do people filter the internally exchanged emails?

       

      Thanks,

       

      • You have a breached device - take it off the network and wipe it.
        To restrict emails internally you can use Exchange Transport Rules as I mentioned in my previous response.
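
The Exchange Transport Rule suggested in the replies above, as an added example that is not part of the original thread. It goes one step beyond the reply by matching every internal sender instead of one named user, since the question reports a different account sending each day. It assumes the ExchangeOnlineManagement module and an Exchange admin role; the rule name and the report address are placeholders.

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account can manage mail flow rules.
Connect-ExchangeOnline

# Phrases copied verbatim (including the spammer's "it's") from the
# phishing message quoted in the question.
$phrases = @(
    "exceeded it's mail quota",
    "verify your account to continue using your email service"
)

$rule = @{
    Name                       = 'Quarantine internal quota phish'  # hypothetical name
    Comments                   = 'Internal senders; phrases from the reported phishing mail'
    FromScope                  = 'InOrganization'    # only mail sent by internal accounts
    SubjectOrBodyContainsWords = $phrases
    Quarantine                 = $true               # hold the message instead of delivering
    SetAuditSeverity           = 'High'
    GenerateIncidentReport     = 'secops@contoso.example'  # placeholder mailbox
    IncidentReportContent      = 'Sender', 'Recipients', 'Subject'
    Mode                       = 'Audit'             # log matches first, no delivery impact
}
New-TransportRule @rule

# Once the logged matches show no legitimate mail, start enforcing.
Set-TransportRule -Identity $rule.Name -Mode Enforce

# Confirm what is now active.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, FromScope, SubjectOrBodyContainsWords
```

Each match also identifies an internal sender whose account or device needs the cleanup described in the replies.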