Link to home
Start Free TrialLog in
Avatar of Mark Hynes
Mark HynesFlag for United States of America

asked on

Why am I getting Emails these bogus Emails.

We are getting bogus emails:  (emails that were never sent by anyone inside our organization) - to people that are inside our organization.  Subjects are different, nothing is ever the same.  Its like we have a Gremilin inside sending emails that are making no sence.  What could be doing this, and how do I stop it.  One emails in particular is one of our employees that is responsible for purchasing received an email from the Bosses email address telling her to purchase speffic gift cards and us them to get dome supplies from like Home Depot.  The Boss never sent that email.  What could be happening here, and how can I stop it ?  Using Trend Micro Advance Security for email scanning and PC Security agent.

Thanks in advance for any help I can get.  

Mark H.
Avatar of John
John
Flag of Canada image
These are spoofed phishing emails and you cannot stop the sending, so you need to turn up your spam filter settings.

I see emails from joe friend@somewhere.com in my spam filter (spoofed) and emails from joe friend@somewhere.com in my inbox (good emails)
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
This is a very common tactic these days. Best tactic to stop this stuff is to block all emails from your domain(s) that reach the spam filter (unless it's a spam filter that is directly installed on the server which I don't recommend). This block is effective because your spam filter should never ever see an email with a From: address in your domain. All of those emails will stay internal if they are valid. Most often, when you see an invalid email with from: that is in your domain, it's been spoofed. There are rare occasions where it's a mailbox compromise situation, but not always. You can check this by viewing the headers of the email to determine the path it took.
Avatar of masnrock
masnrock
Flag of United States of America image
They are spoofing your email addresses and trying to scam your users. You should be making use of SPF to assist with this. Additionally, you should have rules in your spam filter to block these kinds of messages.
Avatar of Mark Hynes
Mark Hynes
Flag of United States of America image

ASKER

I have both spam filter on my server from Outlook and Exchange (Trend Micro). As a first line defense, Our email gets filter by Trend Micro Hosted Email Security, then goes to out email Exchange Server where there is Trend Micro Scanner working with Exchange. Im not sure I understand what I should do when you say - Block all emails from your domain the reach the span filter ?

Thanks

Mark H.
ASKER CERTIFIED SOLUTION
Avatar of masnrock
masnrock
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial