Phishing mail delivery error mt228412@gmail.com

Indie101
Hi, several users at a customer site received delivery errors sent to mt228412@gmail.com for some of their users.

We did a message trace and nothing has shown up in the past week.

I can see it's mentioned on a known phishing site.

What's the best way to make sure nothing untoward has happened?

Has this been secured by Microsoft?
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
It's possible that someone has spoofed the email address, and that may be why nothing is showing up in message trace. There really isn't much you can do about spoofing, other than make sure that your client's SPF records are in place, and start to consider DKIM and DMARC as an additional method of securing your emails. Other than that, there isn't much that you can do since anyone can spoof any email address.

Author

Commented:
There were mails showing up before the past week. Any reason why they would have stopped? Nothing changed from our side. Was security implemented by 365?
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Not sure I understand. Email showing up where? Also, I'm not aware of any changes by MS that would interfere with mail flow.

Author

Commented:
This mail showed up for users initially last week

As a non-delivered mail error they haven't got any instances of it the past few working days

I just thought when it stopped MS may have done something, as the email address is well known

Are there any good blogs on how best to deal with spoofing mail in 365?
Exchange Engineer
Distinguished Expert 2018
Commented:
See the below link for info on SPF, DKIM, and DMARC for email validation for O365. That will be your best option to look into.

https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/

Author

Commented:
Thanks Tim, I don't see any link.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Look again. I had to re-add it.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Post an example of the bounce message, all headers intact. Likely someone can help.
Use "Have I Been Pwned" to check the breach status. Get more info: https://community.spiceworks.com/topic/2194228-office-365-users-has-been-hack

Configure SPF, DKIM and DMARC manually to protect against spam. You could also look at Mimecast or Sophos to help improve email security and use a filter like Barracuda.

This is a good read for some tips and tricks to avoid email phishing attacks: https://expert-advice.org/security/10-best-practices-to-avoid-email-phishing-attacks/

Domain Spoof Prevention in Exchange 2013/2016 & Office 365: https://support.knowbe4.com/hc/en-us/articles/212679977-Domain-Spoof-Prevention-in-Exchange-2013-2016-Office-365

Author

Commented:
Thanks, I ran the below command to see where the forward for that mail address was set up:

get-mailbox -filter * | ft displayname, *forward*

Then changed the password for the user involved and removed the forwarding rule in 365 and the local client. Thanks again :)
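
An added example, not part of the thread and not the poster's command: it extends the forwarding check above so that inbox rules (forward, forward-as-attachment, redirect) are audited alongside mailbox-level forwarding, and only targets outside the tenant's own domains are reported. The function names, the `contoso.example` and `external.example` domains and the sample objects are assumptions constructed for illustration; the property names are the ones `Get-Mailbox` and `Get-InboxRule` return.

```powershell
# Added example: flag mailbox forwarding and inbox rules that target
# addresses outside the tenant's own domains. Sample objects are constructed.
function Get-ExternalAddress {
    param([object[]]$Value, [string[]]$InternalDomains)
    $found = foreach ($v in $Value) {
        # Values look like 'smtp:user@host' or '"Name" [SMTP:user@host]'.
        foreach ($m in [regex]::Matches([string]$v, '[\w.+-]+@(?:[\w-]+\.)+[\w-]+')) {
            $addr = $m.Value.ToLower()
            if ($InternalDomains -notcontains $addr.Split('@')[-1]) { $addr }
        }
    }
    if ($found) { $found | Sort-Object -Unique }
}

function Find-ExternalForward {
    param([object[]]$Mailboxes, [object[]]$InboxRules, [string[]]$InternalDomains)
    foreach ($mbx in $Mailboxes) {
        $hits = Get-ExternalAddress -Value $mbx.ForwardingSmtpAddress -InternalDomains $InternalDomains
        foreach ($addr in $hits) {
            [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Source = 'Mailbox forwarding'; Target = $addr }
        }
    }
    foreach ($rule in $InboxRules) {
        # A rule can forward, forward as attachment, or redirect; check all three.
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        $hits = Get-ExternalAddress -Value $targets -InternalDomains $InternalDomains
        foreach ($addr in $hits) {
            [pscustomobject]@{ Mailbox = $rule.MailboxOwnerId; Source = "Inbox rule '$($rule.Name)'"; Target = $addr }
        }
    }
}

# Constructed sample objects shaped like Get-Mailbox / Get-InboxRule output.
$mailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@contoso.example'; ForwardingSmtpAddress = 'smtp:collector@external.example' }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@contoso.example';   ForwardingSmtpAddress = 'smtp:bob.archive@contoso.example' }
)
$rules = @(
    [pscustomobject]@{ MailboxOwnerId = 'bob'; Name = 'sync'; ForwardTo = $null; ForwardAsAttachmentTo = $null
                       RedirectTo = '"collector" [SMTP:collector@external.example]' }
)

# Reports alice's mailbox-level forward and bob's 'sync' rule; bob's internal forward is ignored.
Find-ExternalForward -Mailboxes $mailboxes -InboxRules $rules -InternalDomains 'contoso.example' |
    Format-Table -AutoSize
```

Against a live tenant, assuming an Exchange Online PowerShell session, pass `Get-Mailbox -ResultSize Unlimited`, the per-mailbox `Get-InboxRule` output and `(Get-AcceptedDomain).DomainName` in place of the sample objects. The mailbox-level `ForwardingAddress` property names a directory recipient rather than an SMTP address, so any non-empty value there needs a separate review.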
