Phishing from spoofed corporate email address

%3CLINGO-SUB%20id%3D%22lingo-sub-1062025%22%20slang%3D%22en-US%22%3EPhishing%20from%20spoofed%20corporate%20email%20address%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1062025%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20everyone%2C%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20received%20a%20phishing%20email%20in%20our%20company%20today%2C%20the%20problem%20is%20that%20it%20looked%20a%20lot%20like%20it%20came%20from%20our%20own%20domain%3A%20%22ms03support-onlinesubscription-noticfication-mailsettings%40***.com%22%3CBR%20%2F%3EOf%20course%20we've%20put%20the%20sender%20on%20blocklist%2C%20but%20since%20the%20domain%20is%20-%20in%20theory%20-%20our%20own%2C%20we%20cannot%20block%20it.%20Our%20idea%20would%20be%20that%20we%20should%20enable%20receiving%20emails%20-%20besides%20from%20external%20senders%20-%20only%20from%20the%20internal%20email%20addresses%2C%20that%20exist%20at%20our%20company%2C%20and%20can%20be%20controlled%20by%20our%20admins.%3CBR%20%2F%3EIs%20there%20any%20solution%20for%20this%3F%20Thank%20you%20for%20your%20answers%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1062025%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdmin%20App%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1063219%22%20slang%3D%22en-US%22%3ERe%3A%20Phishing%20from%20spoofed%20corporate%20email%20address%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1063219%22%20slang%3D%22en-US%22%3E%3CP%3ECannot%20speak%20without%20seeing%20the%20full%20set%20of%20information%20about%20this%20message%2C%20but%20in%20general%20phishing%20can%20happen.%20Features%20such%20as%20ATP's%20anti-spoof%20protection%2C%20DKIM%2C%20DMARC%20help%2C%20and%20you%20can%20also%20set%20up%20a%20simple%20transport%20rule%20that%20flag%20every%20external%20email%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Foffice365itpros.com%2F2019%2F03%2F08%2Fmarking-external-email-with-exchange-transport-rule%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365itpros.com%2F2019%2F03%2F08%2Fmarking-external-email-with-exchange-transport-rule%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hello everyone,

We received a phishing email in our company today, the problem is that it looked a lot like it came from our own domain: "ms03support-onlinesubscription-noticfication-mailsettings@***.com"
Of course we've put the sender on blocklist, but since the domain is - in theory - our own, we cannot block it. Our idea would be that we should enable receiving emails - besides from external senders - only from the internal email addresses, that exist at our company, and can be controlled by our admins.
Is there any solution for this? Thank you for your answers in advance!

1 Reply
Highlighted

Cannot speak without seeing the full set of information about this message, but in general phishing can happen. Features such as ATP's anti-spoof protection, DKIM, DMARC help, and you can also set up a simple transport rule that flag every external email: https://office365itpros.com/2019/03/08/marking-external-email-with-exchange-transport-rule/