Home

hit with phishing email today

%3CLINGO-SUB%20id%3D%22lingo-sub-139670%22%20slang%3D%22en-US%22%3Ehit%20with%20phishing%20email%20today%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-139670%22%20slang%3D%22en-US%22%3E%3CP%3EAnyone%20else%20get%20hit%20with%20a%20large%20scale%20phish%20emails%20today%3F%20We%20got%20hit%20around%20noon%20ET.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20subject%20was%26nbsp%3BMail%20deactivation%20request%20(Case%20ID%3A%208788)%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMost%20our%20sites%20are%20closed%20today%2C%20but%20from%20the%20users%20we%20did%20talk%20it%20it%20hit%20everyone%20and%20the%20subject%20was%20the%20same.%20Odd%20thing%20is%20I%20went%20back%20this%20afternoon%20to%20check%20the%20header%20and%20the%20emails%20seem%20to%20be%20gone.%20Wondering%20if%20MS%20deleted%20them%20out.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20the%20second%20or%20third%20time%20it%20has%20happened%20this%20half%20of%20the%20year%2C%20wondering%20what%20others%20are%20seeing%20and%20how%20they%20have%20their%20filtering%20rules%20setup.%20I%20can't%20believe%20microsoft%20doesn't%20have%20reporting%20spam%20and%20phishing%20built%20into%20outlook%20yet.%20The%20addon%20I%20Found%20was%20over%20a%20year%20old%20and%20not%20deployed%20from%20the%20store%20it%20was%20a%20MSI%20with%20other%20requirements%20%3A(%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOur%20users%20are%20reporting%20the%20'block%20sender'%20is%20not%20working%20for%20them.%20All%20our%20mailboxes%20are%20on%20o365%20and%20we%20have%20outlook%202016....%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20listening%20to%20me%20ramble.%20Have%20a%20great%20Christmas.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ejb%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-139670%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-139962%22%20slang%3D%22en-US%22%3ERe%3A%20hit%20with%20phishing%20email%20today%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-139962%22%20slang%3D%22en-US%22%3EThank%20you.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-139960%22%20slang%3D%22en-US%22%3ERe%3A%20hit%20with%20phishing%20email%20today%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-139960%22%20slang%3D%22en-US%22%3E%3CP%3Ewe%20created%20a%20custom%20transport%20rule%20and%20used%20most%20of%20the%20Regex%20included%20here%2C%20as%20well%20as%20some%20custom%20suspicious%20phrases.%20Redirecting%20anything%20that%20matches%20to%20IT%20Security%20for%20release.%20We%20have%20had%20to%20add%20exceptions%20for%20a%20lot%20of%20our%20proprietary%20business%20mail%2C%20but%20this%20has%20definitely%20helped%20to%20protect%20our%20base.%20Caught%20about%2030%20Phishing%20emails%20over%20Christmas%20break.%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSwiftOnSecurity%2FPhishingRegex%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSwiftOnSecurity%2FPhishingRegex%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jason Benway
Contributor

Anyone else get hit with a large scale phish emails today? We got hit around noon ET.

 

The subject was Mail deactivation request (Case ID: 8788) 

 

Most our sites are closed today, but from the users we did talk it it hit everyone and the subject was the same. Odd thing is I went back this afternoon to check the header and the emails seem to be gone. Wondering if MS deleted them out.

 

This is the second or third time it has happened this half of the year, wondering what others are seeing and how they have their filtering rules setup. I can't believe microsoft doesn't have reporting spam and phishing built into outlook yet. The addon I Found was over a year old and not deployed from the store it was a MSI with other requirements :(

 

Our users are reporting the 'block sender' is not working for them. All our mailboxes are on o365 and we have outlook 2016....

 

Thanks for listening to me ramble. Have a great Christmas.

 

jb

2 Replies

we created a custom transport rule and used most of the Regex included here, as well as some custom suspicious phrases. Redirecting anything that matches to IT Security for release. We have had to add exceptions for a lot of our proprietary business mail, but this has definitely helped to protect our base. Caught about 30 Phishing emails over Christmas break. https://github.com/SwiftOnSecurity/PhishingRegex

 

Thank you.
Related Conversations
Email Domain for Posts to a Channel
Jim Hill in Microsoft Teams on
17 Replies
iOS Native VS Outlook
Daniel Schmidt in Microsoft Intune on
7 Replies
Receiving emails is delayed
Kristen_100 in Microsoft Teams on
1 Replies
Use Out of Office without sending email
Ed Leeuwen van in Outlook on
2 Replies
Question Restrictions
juryk in Microsoft Forms on
2 Replies