Office 365 - inbound rules for phishing attack

Question

Hi,
One of our user has fallen in a phishing email trap and supplied his Office365 username and password to fake Office365 Sharepoint website thinking it was our company intranet webpage.
&nbsp;
For outgoing emails from our domain and ensure that they would halt any future incident as such where it must stop such spreading of Spam emails and request approval for Postmaster to verify the legitimacy of such emails before allowing them to continue to be sent.
&nbsp;
Kindly please advise is there any inbound rules need to configure to stop relaying the email internally.

vasilmichev · Answer

If I understand correctly what you are trying to achieve, you should configure a Mail flow rule with Moderation action.

shahul minhajudeen · Answer

Hi&nbsp;Vasil,
&nbsp;
We would like to monitor the internal users in our domain from sending large number of email while phishing attack happens.
&nbsp;
Regards,
Shahul.

deleted · Answer

There are many ways to monitor phishing emails. rather than you monitoring the outgoing emails for phishing attack you can monitor the incoming emails for the same.
&nbsp;
you can create similar rules and mark a copy of a suspicious email to you
&nbsp;
If the message...'Authentication-Results' header contains ''spf=fail' or 'spf=hardfail''and sender's address domain portion belongs to any of these domains: 'yourprimarydomain.com'and Is received from 'Outside the organization'Do the following...Prepend the subject with '[Possible Spoofed/Phishing Email]'and Redirect the message to 'your email address'

Forum Discussion

Office 365 - inbound rules for phishing attack

Share

Resources