Forum Discussion
How to stop internal spam mail?
I would suggest taking the persons computer offline while you fix it (generally a format & re-install is the best way to deal with a virus).
The other thing you can do is create an Exchange Transport Rule that prevents that particular user from sending an email to anyone inside or outside the organisation if it has particular words like those found in the email.
- Grace YinJan 24, 2018Iron Contributor
Hi Loryan,
Thank you for your reply. It seems it is a phishing email. It lures user to click a link in the email and lead user to put email user name and password on the bad site.
I noticed if the email from the external mailbox, the mail will be blocked in Junk Mail folder, but if the spam mail from internal mailbox, it won't be filtered. How to address the internal user send spam mail issue? Does people filter the internal exchanged emails?
Thanks,
- Jan 24, 2018You have a breached device - take it off the network and wipe it.
To restrict emails internally you can use Exchange Transport Rules as I mentioned in my previous response.- AnonymousJan 24, 2018
We had a scenario recently that a persons 365 account password was hacked. The hacker logged remotely onto their Outlook and were sending emails to all this persons contacts. Phishing for others to enter their details.
They even responded when asked is this email legit ...
We checked/wiped the persons machine/Took it off the network, still emails were coming. But wasn't until we changed their password and made it more complex did it stop.
Then someone else had the same issue ... changed password, it stopped. Force a change of password for everyone on the Domain.
Have had the machine review via Security Company ... nothing was discovered. So wasn't the machine.
AD Azure logs indicated it was a person logging in from small town in USA.
We were really lucky it wasn't worse.
PS. They also added a rule into the users Outlook to send to delete all new incoming emails. Only found that as a result of searching the AD Azure logs.