4 Replies Latest reply on Dec 22, 2016 7:31 AM by sol

    Pay Raise Phishing Scam - how do these work, possibly new technology from previous versions?

    sol

      We recently had another phishing attack (we have since purchased an advanced threat protection for email).

       

      But I am curious: in the past, when we had employees who clicked these links and, even though well educated, still added their network credentials, we would have them change their password and that would be the end of the spamming. However, this last bout... we had 2 users who changed their passwords and it did nothing. We removed the rules and the rules would be placed back. We had about 18 other employees who did this, but with quick communication I was able to work with them to change their password, and the rules to move the incoming emails to the deleted folder had not been created. For the other two, time had lapsed between their providing their network activity and becoming victims of spam.

       

      We attempted to clean the devices and run scans but nothing showed up so we rebuilt those two and they are now fine.

       

      My concern is... how did these two get infected but the others did not?

       

      My concern is a potential data breach if someone were to have physically been on the device, but how would we know that? Our Exchange server shows the only activity came from an Outlook client, so it's not like they physically went into the mailbox using OWA. This is confusing.