User received a lot of spam mails


One of my users received a lot of spam mails overnight.

Is this an O365 issue?

5 Replies
In order to analyze the details, I would suggest you do the following steps:
1. Get the message header of some emails and share the same (https://support.office.com/en-us/article/view-internet-message-headers-cd039382-dc6e-4264-ac74-c0485...)
2. Run a message trace from the Exchange admin center by adding the recipient email (affected user): https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/run-a-message-trace-and-...
I have attached the links for the steps to run a message trace and get the internet headers of an email (make sure you are getting the header from the user's inbox, not a forwarded copy of the same email).
Once you have the above two pieces of information, kindly share the same.
(Note: please do not mind the spelling mistakes)
We just realized that this user is not only receiving spam.
His email has been sending out spam mails since yesterday afternoon.
One every 3-4 mins.
Besides changing the password, what else can we do?
Follow the steps mentioned in the article:
https://blogs.technet.microsoft.com/office365security/how-to-fix-a-compromised-hacked-microsoft-offi...

And make sure you check if someone else has permission on this mailbox, and I would suggest you check the mailbox audit log (if it is turned on) for any unusual sign-ins.
You may also get the azure sign in logs from the azure AD portal.
Turn on Multi factor authentication for this account immediately.
Yes! Do the steps above! Then take preventative action next, like considering MFA for all accounts, and make sure, if not already, to set up SPF, DKIM and DMARC to prevent spam, spoofing, phishing, etc.

https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email

https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email

https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-spf-in-office-365-to-help-preve...

Adam
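As an added example (not code from any poster in this thread): a small Python parser for the internet message headers requested in the first reply, which pulls the SPF, DKIM and DMARC verdicts mentioned above out of the `Authentication-Results` header. The sample headers, domains and IP are constructed, and the `sender IP is` comment format is an assumption about what the receiving service stamps.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the thread); documentation-range values only.
SAMPLE = """\
Received: from mail.example.net (203.0.113.5) by
 mx.example.org; Tue, 05 Mar 2019 02:14:07 +0000
Authentication-Results: spf=fail (sender IP is 203.0.113.5)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none; dmarc=fail action=quarantine header.from=example.com
From: "Billing" <billing@example.com>
To: user@example.org
Subject: Invoice overdue

body
"""

def analyze(raw_headers):
    """Summarise SPF/DKIM/DMARC verdicts and the connecting IP for one message."""
    msg = message_from_string(raw_headers)
    report = {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "received_hops": len(msg.get_all("Received", [])),
        "sender_ip": None,
        "verdicts": {},
    }
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(str(value).split())          # unfold continuation lines
        ip = re.search(r"sender IP is ([0-9A-Fa-f:.]+)", flat)
        if ip and report["sender_ip"] is None:
            report["sender_ip"] = ip.group(1)
        bare = re.sub(r"\([^)]*\)", "", flat)        # drop parenthesised comments
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", bare, re.I):
            # keep the first verdict seen for each method
            report["verdicts"].setdefault(method.lower(), result.lower())
    # anything other than "pass" (fail, softfail, none, ...) deserves a look
    report["not_passing"] = sorted(
        m for m, r in report["verdicts"].items() if r != "pass")
    return report

if __name__ == "__main__":
    for key, val in analyze(SAMPLE).items():
        print(f"{key}: {val}")
```

Feed it headers copied from the message in the affected user's own inbox, as the first reply advises, since a forwarded copy carries the forwarder's hops and verdicts.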
Have changed the user's email password.
The spam has stopped.
Have checked; there is no mailbox delegation.