Botnet attack via email


Hey guys,

I've got a bit of a strange issue: to me it appears that one of our users is being attacked via a botnet, as thousands of emails are being sent through to a single mailbox.

We have tried to implement some rules / additional spam filters to reduce the number reaching the inbox. This has mostly worked; however, there are still a few which are being passed.

I just wanted to see what procedures you'd recommend or if there is anything I'm missing from within Exchange Online.

Some extra details:

  • Licence - O365 Business Premium
  • Single user out of 20 mailboxes. Ideally, we'd not change the email address and try to address the spam.
  • The user had clicked on a phishing link last week, which has probs made them a target
  • Multiple domains being used to send through the spam
  • Multiple IPs being used around the world

0 Replies