troubleshooting Question

Malicious email spreading

Avatar of N B
N BFlag for Canada asked on
ExchangeOutlookMicrosoft 365Email Servers
4 Comments4 Solutions724 ViewsLast Modified:
A malicious email has been sent out to all contacts from one of our users Outlook that contained a nefarious and potentially damaging link. we requested all staff to remove it from your inbox. We are on Office365 for exchange. This email was sent with subject line:  "Please Docusign: Review Documents"  the message contained a box that said Diane sent you a document to review and sign with Review Document button. Which takes to http:// fishy looking hyperlink.

Many users have now clicked this link already in the email today and I am not sure what outcome we will be dealing with in next couple of days.

What best possible steps to be taken in this scenario ?  So far I have done the following:


1. Isolated this machine and running various scans.
2. Ran the O365 Powershell command to remove this message from all user mailbox
3. Made sure all our backups are secure and running
4. Ran virus scans on all our servers
5. I am currently tracing the IP address from the header of this original email and blocking it through our external email spam filtering company.

What else can we possibly do to avoid wide spread of these emails in next few days ?

The user said he click on this email about "4 days ago" and all of a sudden emails came out of his outlook to all company contacts GAL TODAY. This could mean all the users about ( 30 of them ) that clicked on this email today may have their computers infected as well and could possibly send an email in next few days to all their contacts.

While trying to scan the users computer from which this email was originally sent to all employee, ESET and some other scans could not find any virus or spywares.

This is quite scary and would like some experts thoughts and suggestions.

Thank you in advance.
ASKER CERTIFIED SOLUTION
btanExec Consultant
Join our community to see this answer!
Unlock 4 Answers and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 4 Answers and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros