We recently had another phishing attack (we have since purchased an advanced threat protection for email).
But I am curious: in the past, when we had employees who clicked these links and, even though well educated, still added their network credentials, we would have them change their password and that would be the end of the spamming. However, this last bout... we had 2 users who changed their passwords and it did nothing. We removed the rules and the rules would be placed back. We had about 18 other employees who did this, but with quick communication I was able to work with them to change their password, and the rules to move the incoming emails to the deleted folder had not been created. The other two, time had lapsed between their providing their network activity and becoming victims of spam.
We attempted to clean the devices and run scans but nothing showed up so we rebuilt those two and they are now fine.
My concern is... how did these two get infected but the others did not?
My concern is a potential data breach if someone were to have physically been on the device, but how would we know that? Our Exchange server shows the only activity came from an Outlook client, so it's not like they physically went into the mailbox using OWA. This is confusing.
Can you give a bit more detail about what happened? It sounds like a link came through... was the link embedded in a file or directly in the email? What type of file was it?
Hi David, thought I would respond to this... what I realized was that as long as the hacker has the email account open, they can continue to reset the rule when it is deleted and continue to do their mess. So the device was not infected; we just had a live hacker and had to wait for them to get out of the account. We did disable the account so it could not send or receive, and eventually they got off.
We did purchase the ATD for email and that has helped a lot, and we recently placed the McAfee ATD/TIE system and are working on pushing that out to all clients. Things are much better.
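
The pattern described in this thread (a rule that moves incoming mail to the deleted folder reappearing after the password change) can be checked for by comparing rule-creation events against password-reset times. The following is an added example, not part of the original thread; the record layout, field names, action labels, user names and timestamps are constructed assumptions, not a real Exchange log format.

```python
from datetime import datetime

# Constructed sample audit records (not real logs; field names are assumptions).
AUDIT = [
    {"user": "user01", "time": "2020-01-06T09:05:00", "op": "New-InboxRule",
     "action": "MoveToDeletedItems"},
    {"user": "user01", "time": "2020-01-06T11:40:00", "op": "Remove-InboxRule",
     "action": ""},
    {"user": "user01", "time": "2020-01-06T11:52:00", "op": "New-InboxRule",
     "action": "MoveToDeletedItems"},
    {"user": "user02", "time": "2020-01-06T09:20:00", "op": "New-InboxRule",
     "action": "MoveToDeletedItems"},
    {"user": "user03", "time": "2020-01-06T10:00:00", "op": "New-InboxRule",
     "action": "MoveToFolder:Projects"},
]

# Constructed password-reset times per user.
RESETS = {
    "user01": "2020-01-06T11:30:00",
    "user02": "2020-01-06T09:45:00",
    "user03": "2020-01-06T09:00:00",
}

# Rule actions that hide incoming mail from the mailbox owner (assumed labels).
HIDING_ACTIONS = {"MoveToDeletedItems", "DeleteMessage"}


def live_session_suspects(audit, resets):
    """Return {user: [timestamps]} of hiding rules created AFTER the user's
    password reset, which means an already-open session survived the reset."""
    suspects = {}
    for rec in sorted(audit, key=lambda r: r["time"]):
        if rec["op"] != "New-InboxRule" or rec["action"] not in HIDING_ACTIONS:
            continue
        reset = resets.get(rec["user"])
        if reset is None:
            continue  # no reset recorded, nothing to compare against
        if datetime.fromisoformat(rec["time"]) > datetime.fromisoformat(reset):
            suspects.setdefault(rec["user"], []).append(rec["time"])
    return suspects


if __name__ == "__main__":
    for user, times in live_session_suspects(AUDIT, RESETS).items():
        print(f"{user}: hiding rule created after password reset at {times}")
```

A flagged mailbox is one where the password change alone did not end the intruder's access, which matches the two accounts described in the thread.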