A malicious email has been sent out to all contacts from one of our user's Outlook that contained a nefarious and potentially damaging link. We requested all staff to remove it from their inbox. We are on Office365 for Exchange. This email was sent with the subject line "Please Docusign: Review Documents". The message contained a box that said Diane sent you a document to review and sign, with a Review Document button, which takes you to a http:// fishy-looking hyperlink.
Many users have now clicked this link in the email today, and I am not sure what outcome we will be dealing with in the next couple of days.
What are the best possible steps to take in this scenario? So far I have done the following:
1. Isolated this machine and am running various scans.
2. Ran the O365 PowerShell command to remove this message from all user mailboxes.
3. Made sure all our backups are secure and running.
4. Ran virus scans on all our servers.
5. I am currently tracing the IP address from the header of this original email and blocking it through our external email spam filtering company.
What else can we possibly do to avoid a wide spread of these emails in the next few days?
The user said he clicked on this email about "4 days ago" and all of a sudden emails came out of his Outlook to all company contacts (GAL) TODAY. This could mean all the users (about 30 of them) that clicked on this email today may have their computers infected as well and could possibly send an email in the next few days to all their contacts.
While trying to scan the user's computer from which this email was originally sent to all employees, ESET and some other scans could not find any virus or spyware.
This is quite scary and I would like some experts' thoughts and suggestions.
Thank you in advance.