O365 Password Expire Phishing Attempt

During a cloud migration from an on-premise Exchange server behind a commercial firewall to a full Office365 Exchange we noticed the amount of spam that was getting through. Here is an example of the email.

The phishing email looks very genuine, but isn’t. We hope you find this information prior to an incident at your facility and it helps you thwart any attempt at gaining access to your facility’s network.

Let us know if this helped you…

Office 365 you weren’t recognized as a valid sender

Had a user who started to get this message. “Your message couldn’t be delivered because you weren’t recognized as a valid sender”. Logged into their Office 365 Admin account and went to Protection >> Action Center. Saw the user there and clicked “unblock” them. It took a minute, and came back with the user still in the list. I tried to send an email at the user and got the same error. In the Admin panel >> Action Center the user was still listed. I clicked “unblock” again and this time the user wasn’t listed. I tried to send another email, and got the same error again. I see an alert on the Action Center page to go to the new “Restricted Users page”. This page didn’t show the user being blocked.

I looked at the error in the Non-Deliverable Report in the returned email. The error in the message is “550 5.1.8 Access denied, bad outbound sender”.

This page was a help to let me know it could take a few hours for the email to resume.

https://support.office.com/en-US/client/results?Shownav=true&lcid=1033&ns=O365ENTADMIN&version=15&omkt=en-US&ver=15

Let us know if this helped you…

Exchange 2016 – Grant Full Permissions Over A Mailbox

I recently had to remove permissions from a mailbox where another user had “Full Access” or “Full Permissions” over. The original setup was done on the old Exchange 2010 server that was upgraded to 2016.

  • Log into the web interface of the Exchange.
  • Locate the mailbox and double-click on the mailbox display name.
  • Click on “mailbox delegation”.
  • Scroll down to the last box “Full Access”.

Let us know if this helped you…

Migrating Email From Rackspace To Office 365 Godaddy Domain

We have been moving some customers over to Office 365.

Here are some of the steps required to do this.

  1. Set up the account in Office 365.
  2. Use the migration tool
  3. In Office 365 go under Setup >> Domains >> give it a second and it should populate the 3 records you will need to update.
    MX
    TXT
    CNAME
  4. We removed all the older records pertaining to SecureServer.net which were POP, SMTP, CNAME, TXT, and the MX record.
  5. Added the 3 records shown above.
  6. Sent a test and received the email. Replied back and was able to verify the customer could receive the email.

Let us know if this helped you…

 

Phishing Attempts From Cheapfixerproperties.com

We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.

We told the customer this was a phishing attempt, and to not click on that button. They already had. We ran a full Vipre scan on their machine.

The URL takes you to a site that Google has already flagged.
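The hover check described above can be automated over an HTML message body. This is an added example, not code from the original post: the trusted-domain list and the sample body are assumptions constructed for illustration, and the sample link omits the path that the post elides.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this organisation expects mail-service links to point at.
TRUSTED_DOMAINS = {"office.com", "microsoft.com", "outlook.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(host):
    # Exact match or true subdomain only, so "office.com.login.example"
    # does not pass just because it starts with a trusted name.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(html_body):
    """Return the links whose real destination is outside TRUSTED_DOMAINS."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host = urlsplit(href).hostname or ""   # mailto: and relative links have no host
        if host and not is_trusted(host):
            findings.append({"text": text, "host": host})
    return findings

# Constructed sample modelled on the message described in the post.
SAMPLE_BODY = """
<p>(3) Incoming messages failed to sync</p>
<a href="https://cheapfixerproperties.com/"><b>Restore Messages</b></a>
<a href="https://outlook.office.com/mail/">Open Outlook</a>
<a href="https://office.com.login.example/">Sign in</a>
"""
```

`suspicious_links(SAMPLE_BODY)` reports the “Restore Messages” button and the lookalike host, and leaves the genuine Outlook link alone.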

Let us know if this helped you…

 

#550 4.4.7 QUEUE Exchange Unable To Send To Comcast

We recently had a customer get an ISP change and on the same day were moving their DNS to Godaddy. A few weeks later they noticed a bunch of emails bouncing back with a lot of the email addresses being for Comcast. We weren’t sure if this was a Godaddy, DNS, Exchange, or ISP issue.

It turned out to be the ISP needed to add a PTR (pointer record) to the IP address.

This link helped us know that the PTR record is set by the ISP.

https://community.spiceworks.com/topic/1212792-ptr-record-in-godaddy-not-working

Here are some of the other things we had tried.

  • Adding the static IP to their SPF record.
  • Adding a Reverse Zone Record in the exchange server.
  • Turned off Spam Filtering in their email account

Let us know if this helped you…

 

Godaddy Cpanel Email Can Send But Not Receive

We recently set up a new Godaddy CPanel hosting and set up the main email account for this domain. We didn’t want to miss any emails so the email account was set up just like the old hosting CPanel email. We were hoping for a quick switch.

We were able to send from this new email account, but couldn’t receive email. We used the website http://www.mailtester.com and it was showing an error that the email address didn’t exist.

Back in the CPanel account I clicked on MX Entry and we could see it was set for “Remote Exchanger”. We changed this to “Local Exchanger” and everything was working.

Let us know if this helped you…

 

Email Scam – I do know, XXXXXXXX, is your password.

We received an email from an old customer who got an email with the following message.

I do know, xxxxxxx, is your password. You don’t know me and you are probably wondering why you are getting this e-mail, correct?

actually, I actually installed a malware on the adult vids (sexually graphic) site and do you know what, you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software obtained all of your contacts from your Messenger, FB, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you’ve got a nice taste lol . . .), and 2nd part shows the recording of your web camera.

exactly what should you do?

Well, in my opinion, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 149EV7BbQSuJTS8mHJ5kdjGBvSKMFu7tob
(It is cAsE sensitive, so copy and paste it)

There was more to the email. The point is this email is a SCAM.

The biggest question was that it was a password the customer had used in the past. Our best guess is someone gained access to an account they had and was able to capture name, email address and password. With this information they were able to get the scam started.

A Google search led me to others that have received this email, and they all confirmed it was a scam.

Let us know if this helped you…

 

Unable To Send Email From Office 365 Shared Mailbox

Had a customer and the newer employee was getting an error that they didn’t have permission to send email from a shared mailbox. Here is how we were able to resolve this.

  • Log into the Office 365 account with the Admin credentials
  • Under “Groups” go to “Shared Mailboxes”
  • Click on the mailbox to open its properties
  • Under the “Members” section click “Customize Permissions”
  • Under the “Send as” section click “Edit”
  • Click “Add Permissions” and check the user you need to add and click “Save”.

Let us know if this helped you…

 
