Forum Discussion

wroot's avatar
wroot
Silver Contributor
Jul 25, 2018
Solved

Suspicious emails not blocked

Usually Exchange Online spam filter is quite good on filtering spam and emails with malicious links. But one user has received fake "Mail Validation" email with Office 365 logo and links going into s...
  • wroot's avatar
    wroot
    Aug 01, 2018

    Every email had the same IP address of a sending device, some Windows box with default computer name (DESKTOP-blabla). I've been advised to create a mail flow rule to block emails from this IP and so far the user is not receiving them.

wroot's avatar
wroot
Silver Contributor
Jul 29, 2018

An example of such email:

 

 

wroot's avatar
wroot
Silver Contributor
Jul 30, 2018

Headers of this last message:

Authentication-Results: spf=pass (sender IP is 40.107.2.103)

smtp.mailfrom=abconkenya.com; esf.lt; dkim=pass (signature was verified)

header.d=AbconKenya.onmicrosoft.com;esf.lt; dmarc=bestguesspass action=none

header.from=abconkenya.com;

Received-SPF: Pass (protection.outlook.com: domain of abconkenya.com

designates 40.107.2.103 as permitted sender) receiver=protection.outlook.com;

client-ip=40.107.2.103; helo=EUR02-VE1-obe.outbound.protection.outlook.com;

Received: from EUR02-VE1-obe.outbound.protection.outlook.com (40.107.2.103) by

DB5EUR01FT060.mail.protection.outlook.com (10.152.5.232) with Microsoft SMTP

 

We havfen't found a way to report phishing in Oultook (aside of regular Junk mail settings), so we have reported it via OWA (a few last messages).

  • Mother_Seeks_Justice's avatar
    Mother_Seeks_Justice
    Copper Contributor
    Sep 20, 2022

    wroot I was curious since these responses are dated back to 2018, have you been able to learn how to report such phishing? I’m the victim of cyberabuse with the abuser continuously and maliciously using any form to harass. With that being said, I received just the other day, Sept. 2022, the exact same phishing email message header BUT the email itself was from the individual due to having children together. The email body was of a normal message but knowing his history of hacking I analyzed the email and it came back exactly what this discussion was about to a ‘T.’ I know he’s a hacker, has hacked many of my accounts, he’s violated a restraining order on many occasions, how can I report this and is there any way anyone reading this knows how I can prove the hacking?? He’s escalating and that puts me at a high risk for my safety and our children’s. Please if someone can help me find ways to prove and use to hold him accountable, it would be much appreciated. 

  • wroot's avatar
    wroot
    Silver Contributor
    Aug 01, 2018

    Every email had the same IP address of a sending device, some Windows box with default computer name (DESKTOP-blabla). I've been advised to create a mail flow rule to block emails from this IP and so far the user is not receiving them.