O365 OWA keep getting phishing emails + addressed from our email address

%3CLINGO-SUB%20id%3D%22lingo-sub-2438776%22%20slang%3D%22en-US%22%3EO365%20OWA%20keep%20getting%20phishing%20emails%20%2B%20addressed%20from%20our%20email%20address%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2438776%22%20slang%3D%22en-US%22%3E%3CP%3EWorking%20in%20a%20volunteer%20place%20and%20the%20inbox%20keeps%20getting%20spammed%20by%20messages%20that%20are%20addressed%20as%20sent%20from%20our%20email%20address.%202%20Types%20of%20Phishing%20emails%20are%20being%20sent%20to%20our%20inbox.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1%3A%20btconnect%20your%20bill%20is%20ready%20click%20this%20link.%20Sent%20from%20%22ourvolunteerplace%40btconnect.com%22%20aka%20spammer%20is%20making%20it%20look%20like%20our%20email%20address%20so%20we%20can't%20set%20sweep%20rules%20and%20sending%20to%20spam%20and%20reporting%20as%20phishing%20is%20doing%20nothing.%20We%20get%203%20a%20day%20and%20its%20a%20matter%20of%20time%20before%20another%20volunteer%20clicks%20on%20one%20of%20these...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2%3A%20hacked%20btconnect%20email%20accounts%20sending%20us%20%22your%20bill%20is%20ready%20DATE%22.%20When%20I%20report%20as%20phishing%20or%20spam%20the%20inbox%20only%20blocks%20the%20sender.%20I%20can't%20implement%20sweep%20rules%20with%20the%20header%20text%20for%20some%20reason%20and%20we%20just%20keep%20getting%20them%20from%20other%20hacked%20accounts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20O365%20OWA.%20I've%20set%20up%20an%20example%20sweep%20today%20from%20advice%20from%20another%20post%20but%20as%20you%20can%20see%20it%20sweeps%20the%20senders%20emails%20not%20the%20header%20text%20which%20I%20can't%20find%20out%20how%20to%20add%20into%26nbsp%3B%20sweep%2C%20spam%20or%20phishing%20filters.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20email%20account%20was%20set%20up%20years%20ago%20by%20someone%20else%20so%20I%20only%20have%20the%20same%20access%20everyone%20else%20does.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sweep%20rules.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F288047i09371E07FEE710EB%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sweep%20rules.png%22%20alt%3D%22sweep%20rules.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-link-navigation%20lia-link-disabled%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2438776%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Working in a volunteer place and the inbox keeps getting spammed by messages that are addressed as sent from our email address. 2 Types of Phishing emails are being sent to our inbox.

 

1: btconnect your bill is ready click this link. Sent from "ourvolunteerplace@btconnect.com" aka spammer is making it look like our email address so we can't set sweep rules and sending to spam and reporting as phishing is doing nothing. We get 3 a day and its a matter of time before another volunteer clicks on one of these...

 

2: hacked btconnect email accounts sending us "your bill is ready DATE". When I report as phishing or spam the inbox only blocks the sender. I can't implement sweep rules with the header text for some reason and we just keep getting them from other hacked accounts.

 

We are using O365 OWA. I've set up an example sweep today from advice from another post but as you can see it sweeps the senders emails not the header text which I can't find out how to add into  sweep, spam or phishing filters.

 

The email account was set up years ago by someone else so I only have the same access everyone else does.

 

sweep rules.png

 

 

 

1 Reply
Sweep rules arent designed for such scenarios, best use a mail flow rule or block the sender in the anti-spam config: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-block-sender-list...