We help IT Professionals succeed at work.

Trying to stop an Attacker...

199 Views
1 Endorsement
Last Modified: 2017-04-16
For the past couple of months, an attacker has been sending my company emails trying to get us to install a RAT. Somehow, he knows the services we use (VoIP providers, etc) and sends emails as them. I've traced his originating IP using the email header data and he traces back to a server rental farm in Japan. I've reported him to them 3 times, but to no avail. Any ideas on how to stop this guy? We cant block the domains, as they are legitimate domains we receive emails from.
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Natty GregIn Theory (IT)
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Mark PlierDirector of IT

Author

Commented:
I'm really liking the idea of blocking by header as they are all coming from the same IP (the one hosted server)

How would I go about this in Exchange? We are hosted with Office 365
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooter
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Answered