Is it possible to scan the original email header of a forwarded email? When I check the header information from a forwarded phishing attack email it appears it's only analyzing the last hop and not the original.
It appears someone sent an email from my client's actual email address, and it does not appear to be a phishing email. As of now, there is no indication how this happened. Has anyone seen anything like this before?
Ran full scans on all the devices on the network and everything is coming back clean. On-premise Exchange server, PDC, professional firewall, 12 WIN10 Pro workstations, everything is patched.
I did have one person travel to Europe with a laptop who just recently got back. The last time a client traveled overseas there was a substantial number of attacks after they returned. Very concerning.