I've just found out that someone in our organization had an email sent to a customer, impersonating one of our team members. They only made slight adjustments, like changing the signature and the bank transfer details, but it caused a stir. I advised the affected employee to change their password, but what additional steps can I take to prevent this and secure our email communications?
5 Answers
You should definitely involve an MS Exchange admin. It's crucial to address a situation like this. Here’s a guide you can consult for responding to a compromised email account. Changing the password is just the starting point; there’s much more you need to do.
First off, without checking the email headers, it’s hard to determine how they spoofed the message. You’d be surprised how easy it is to fake emails in some clients like Outlook. Make sure to review those headers if possible.
This sounds like a classic case of business email compromise. If the only difference was the sending domain, this could lead to serious issues, so it’s essential to take this seriously. Regularly review your email security settings to catch these issues early.
Make sure to revoke all active sessions, change the password, and enable multi-factor authentication (MFA). Also, check for any rules in the web app that might have been altered. We've dealt with something similar before, where the scammer added rules to hide their activity.
Check your email headers, as spoofing is common without proper security measures. Ensure that your SPF, DKIM, and DMARC records are correctly set up. These will help improve email authenticity and security.
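As an added illustration of the last answer's point (this is not code from any of the posters), the script below parses an SPF and a DMARC TXT record and flags the settings that still let spoofed mail through. The record strings and domain names are constructed samples, not live DNS lookups.

```python
import re

# Constructed sample TXT records for a hypothetical domain (no DNS query is made).
SAMPLE_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example ~all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
}


def parse_spf(txt):
    """Return the SPF mechanisms and the qualifier on the final 'all' term."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    all_qual = None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_qual = m.group(1) or "+"  # bare 'all' means '+all' (pass)
    return {"mechanisms": terms[1:], "all": all_qual}


def parse_dmarc(txt):
    """Return DMARC tags as a dict, or None if this is not a v=DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def audit(spf_txt, dmarc_txt):
    """List the weaknesses that would let a spoofed 'From' be delivered."""
    findings = []
    spf = parse_spf(spf_txt) if spf_txt else None
    if spf is None:
        findings.append("SPF: no valid v=spf1 record")
    elif spf["all"] in (None, "+"):
        findings.append("SPF: missing or '+all' qualifier lets any host send as the domain")
    elif spf["all"] == "~":
        findings.append("SPF: '~all' (softfail) only marks spoofed mail, it does not reject it")
    dmarc = parse_dmarc(dmarc_txt) if dmarc_txt else None
    if dmarc is None:
        findings.append("DMARC: no valid v=DMARC1 record")
    else:
        if dmarc.get("p", "none") == "none":
            findings.append("DMARC: p=none only monitors; receivers still deliver spoofed mail")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua address, so no aggregate reports are received")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_RECORDS["example.com"], SAMPLE_RECORDS["_dmarc.example.com"]):
        print(line)
```

Moving to `-all` and `p=reject` (once you have confirmed via the rua reports that all legitimate senders are covered) closes both gaps the sample records leave open.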
