Avatar of Damian Gardner
Damian Gardner asked on

Hello - we are getting alerts as of about 2 weeks ago, about "Phish emails allowed" in our O365 domain, and wanted to get some input from the experts out there.

Hello - we are getting alerts as of about 2 weeks ago, about "Phish emails allowed" in our O365 domain, and wanted to get some input from the experts out there.  Here is a copy of one of the 7 alerts received:


Severity
 Informational
Time (UTC -05:00)
Sep 7, 2021 11:25:42 PM
Threat type
Spam, Phish and Malicious
Hit count
Details
This alert fires when message containing phish was delivered due to an IP allow policy. -V1.0.0.3By the time this alert was triggered, the following 1 user received Spam, Phish and Malicious mail matching the conditions of your alert policy:info-europe@laco.comThis alert was triggered by theAnti-spam Policy : Connection filter policy

Status
Active
Comments
New alert


When I try to "View message" it shows me nothing there.  So first question is where do I see the IP allow policy, and 2) why is the message gone for each one when I try to see what email tripped it?

Thanks for your help.
Damian


Microsoft 365Microsoft OfficeExchange* Phishing

Avatar of undefined
Last Comment
Damian Gardner

8/22/2022 - Mon
Paul MacDonald

What are the odds this e-mail is phishing and clicking "View message" is what allows the malware to infect your computer?

Where does this alert come from?

Do you have an "Anti-spam Policy : Connection filter policy"?  What's in it?
ASKER
Damian Gardner

Thanks for your reply Paul.  I should have mentioned - this is from inside the Office 365 admin console.  this is the console alerting me.  I do not know what email triggered it, or where to track down the "IP policy" that "allowed it".  I have a feeling these are false alarms though, because I used the time and date of the Office365 alert and matched it up with a couple of emails in the mailboxes of 2 of the email addresses that the alerts specified were the recipients, and they were legitimate emails.  So I'm looking for information on how to find the "IP policy" that the O365 console is referring to, mainly.

thanks
ASKER CERTIFIED SOLUTION
Scott Fell

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Damian Gardner

Thanks Scott - let me check this out and see if I get anywhere on it.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck