Mysterious Outlook invite sent

%3CLINGO-SUB%20id%3D%22lingo-sub-1565627%22%20slang%3D%22en-US%22%3EMysterious%20Outlook%20invite%20sent%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1565627%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20if%20this%20should%20be%20posted%20here%20or%20in%20the%20Security%20and%20Compliance%20hub.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20user%20account%20that%20created%20a%20meeting%20with%20no%20title%20and%20no%20content%20or%20attachments.%20The%20invite%20was%20sent%20out%20to%204%20internal%20users%20and%204%20external%20users.%20She%20claims%20she%20didn't%20send%20the%20invite.%20I%20did%20a%20message%20trace%20and%20the%20invite%20did%20originate%20from%20our%20O365%20tenant%2C%20and%20she%20did%20see%20it%20in%20her%20sent%20items.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%20thought%20is%20that%20it's%20potential%20virus%2C%20so%20I%20scanned%20her%20laptop%20with%202%20different%20AVs%20and%20it%20didn't%20detect%20anything.%20Then%20I%20figure%20it%20may%20have%20come%20from%20byod%20phone%2C%20for%20which%20she%20doesn't%20have%20an%20AV%20installed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20wondering%20if%20there%20is%20a%20way%20to%20determine%20whether%20the%20invite%20was%20create%20on%20a%20mobile%20device%20or%20their%20corp%20laptop.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20checked%20her%20email%20activity%20and%20there's%20been%20no%20other%20suspicious%20emails%20sent%20from%20her%20account.%20There%20was%20no%20strange%20title%20or%20malicious%20payload.%20I'm%20starting%20to%20suspect%20that%20she%20may%20have%20inadvertently%20sent%20out%20the%20meeting%20invite.%20I%20don't%20even%20know%20if%20that's%20possible%20by%20mistakenly%20hitting%20some%20key%20combo.%20But%20she%20said%20that%20the%20recipients%20would%20never%20have%20had%20any%20common%20meetings%2C%20and%20their%20not%20part%20of%20any%20special%20groups.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EMike%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1565627%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%20for%20Android%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%20for%20iOS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%20for%20Windows%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%20on%20the%20Web%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

 

Hello, 

 

Not sure if this should be posted here or in the Security and Compliance hub.

 

I have a user account that created a meeting with no title and no content or attachments. The invite was sent out to 4 internal users and 4 external users. She claims she didn't send the invite. I did a message trace and the invite did originate from our O365 tenant, and she did see it in her sent items.

 

First thought is that it's potential virus, so I scanned her laptop with 2 different AVs and it didn't detect anything. Then I figure it may have come from byod phone, for which she doesn't have an AV installed.

 

I was wondering if there is a way to determine whether the invite was create on a mobile device or their corp laptop. 

 

I checked her email activity and there's been no other suspicious emails sent from her account. There was no strange title or malicious payload. I'm starting to suspect that she may have inadvertently sent out the meeting invite. I don't even know if that's possible by mistakenly hitting some key combo. But she said that the recipients would never have had any common meetings, and their not part of any special groups.

 

Thanks,

Mike

 

0 Replies