Possible Phishing using via

CsimpsonRUS phishing, spam and other malicious stuff via email can be most effectively dealt with via the following 2 techniques.

1. You should really invest time in performing sender authentication on your mail flow. Read about SPF, DKIM and DMARC. Example: https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/ Most importantly, don't forget that your SPF in soft fail state is basically no protection at all. Make sure it is in hard fail "-" state. Also implement DMARC in combination with SPF to make sure only senders can send as your domain. It is important to implement them both as it is child play to spoof/impersonate domains and senders.

2. Implement mail security for zero-day and other advanced malware techniques. There are tons of 3rd party providers out there and also Microsoft offers Advanced Threat Protection for email security.