Is it possible that a malicious script created a rule in shared inbox?

Hey everyone,

We've been dealing with phishing attempts, including some socially engineered, targeted ones. One of our shared inboxes had a rule created that had the URL of a legitimate organization marked as read and deleted, while we were getting emails from a very similar fake address that was off by one letter.

I've asked the team if they created the rule in earnest, and we also have two-factor verification set up on all of the accounts, so I'm wondering how this rule got created. Is there a way for someone to create rules when they wouldn't have access to the actual mailbox? Something like a malicious script running when an email got opened? If there is some way, how do you prevent it from happening in the future?

I tried searching for something like this, but all of the results would come up about creating a rule to block malicious email, and not malicious email creating rules.

Thanks,
Bryan

1 Reply

@bryan-butler Hi

How Cyberattacks Are Changing with New Microsoft Digital Defense Report - Microsoft Security Blog

https://www.microsoft.com/security/blog/2021/10/11/how-cyberattacks-are-changing-according-to-new-mi...