O365 Password Expire Phishing Attempt

During a cloud migration from an on-premise Exchange server behind a commercial firewall to a full Office 365 Exchange we noticed the amount of spam that was getting through. Here is an example of the email.

The phishing email looks very genuine, but isn’t. We hope you find this information prior to an incident at your facility and it helps you thwart any attempt at gaining access to your facility’s network.

Let us know if this helped you…

Office 365 you weren’t recognized as a valid sender

Had a user who started to get this message. “Your message couldn’t be delivered because you weren’t recognized as a valid sender”. Logged into their Office 365 Admin account and went to Protection >> Action Center. Saw the user there and clicked “unblock” them. It took a minute, and came back with the user still in the list. I tried to send an email to the user and got the same error. In the Admin panel >> Action Center the user was still listed. I clicked “unblock” again and this time the user wasn’t listed. I tried to send another email, and got the same error again. I saw an alert on the Action Center page to go to the new “Restricted Users page”. This page didn’t show the user being blocked.

I looked at the error in the Non-Deliverable Report in the returned email. The error in the message is “550 5.1.8 Access denied, bad outbound sender”.

This page was a help to let me know it could take a few hours for the email to resume.

https://support.office.com/en-US/client/results?Shownav=true&lcid=1033&ns=O365ENTADMIN&version=15&omkt=en-US&ver=15

Let us know if this helped you…

Phishing Attempts From Cheapfixerproperties.com

We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.

We told the customer this was a phishing attempt, and to not click on that button. They already had. We ran a full Vipre scan on their machine.

The URL takes you to a site that Google has already flagged.

Let us know if this helped you…
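The hover check described above can be automated over a message's HTML body: collect each link's visible text and real destination, then flag any destination outside the domains you expect. This is an added example, not part of the original post; `EXPECTED_DOMAINS`, the sample message, and the `office.com.login.example` lookalike link are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this organisation expects in genuine Microsoft 365 notices.
EXPECTED_DOMAINS = {"microsoft.com", "office.com", "office365.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_is_expected(host):
    # Match on whole DNS labels so "office.com.login.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def suspicious_links(html_body):
    """Return (link text, destination host) for web links outside EXPECTED_DOMAINS."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for text, href in parser.links:
        try:
            parts = urlsplit(href)
        except ValueError:           # malformed URL: report it rather than skip it
            flagged.append((text, href))
            continue
        if parts.scheme in ("http", "https") and not host_is_expected(parts.hostname):
            flagged.append((text, parts.hostname))
    return flagged

# Constructed sample modelled on the message described above (URL path left out).
SAMPLE = """<p>(3) Incoming messages failed to sync</p>
<a href="https://cheapfixerproperties.com/"><span>Restore Messages</span></a>
<a href="https://office.com.login.example/">Sign in</a>
<a href="https://support.office.com/">Help</a>"""
```

Calling `suspicious_links(SAMPLE)` reports the "Restore Messages" button and the lookalike "Sign in" link, and leaves the `support.office.com` link alone.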

 
