My organization has been facing a surge of phishing emails where compromised internal accounts are sending harmful links to other internal users. I attempted to create a rule in the Exchange Admin Center to quarantine emails if they're sent from an internal sender to an internal user containing an external link, but I can't find an option to add a condition for it being sent to more than 100 recipients. Aside from implementing multi-factor authentication, which is being rolled out, what strategies can I use in the meantime to stop these phishing emails from proliferating?
2 Answers
First off, it's crucial to start with identifying those compromised accounts. You might consider monitoring for unusual login activity or implementing alerts for multiple failed logins. Training your users to recognize phishing attempts is also key—make sure they're aware of what these emails may look like. Once users report suspicious emails, take rapid action to investigate and secure any compromised accounts.
Honestly, it sounds like you've hit a critical point. If MFA isn't fully deployed yet, I strongly recommend you bring in an incident response team. They can help assess the situation, contain the issue, and provide strategies tailored to your specific environment. In the meantime, tighten up your email filtering rules and consider blocking messages with external links sent from internal accounts until you stabilize the issue.
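The condition described in the question (internal sender, more than 100 internal recipients, at least one external link) can be run as a check over exported message records to find which accounts to investigate. This is an added example, not code from the original posts; the record fields, the `example.com` domain and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's accepted domains
RECIPIENT_THRESHOLD = 100           # "more than 100 recipients" from the question
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def is_internal_host(host):
    # Exact match or true subdomain only, so "example.com.login.invalid" is external.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)

def is_internal_address(addr):
    return is_internal_host(addr.rsplit("@", 1)[-1])

def external_links(body):
    links = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname  # ignores any "user@" prefix in the URL
        except ValueError:
            host = None                    # unparseable URL: treat as external
        if not is_internal_host(host):
            links.append(url)
    return links

def flag_messages(messages):
    """Return {sender: [message ids]} for messages meeting all three conditions."""
    flagged = defaultdict(list)
    for m in messages:
        if not is_internal_address(m["sender"]):
            continue
        internal = {r.lower() for r in m["recipients"] if is_internal_address(r)}
        if len(internal) > RECIPIENT_THRESHOLD and external_links(m["body"]):
            flagged[m["sender"]].append(m["id"])
    return dict(flagged)

def staff(n):  # constructed internal recipient list
    return [f"user{i}@example.com" for i in range(n)]

SAMPLE = [  # constructed records, not real mail
    {"id": "m1", "sender": "alice@example.com", "recipients": staff(150), "body": "Review: https://files.invalid/doc"},
    {"id": "m2", "sender": "bob@example.com", "recipients": staff(150), "body": "Notes: https://intranet.example.com/n"},
    {"id": "m3", "sender": "carol@example.com", "recipients": staff(3), "body": "Quote: https://vendor.invalid/q"},
    {"id": "m4", "sender": "news@partner.invalid", "recipients": staff(150), "body": "https://partner.invalid/news"},
    {"id": "m5", "sender": "alice@example.com", "recipients": staff(101), "body": "https://example.com.login.invalid/reset"},
]

if __name__ == "__main__":
    print(flag_messages(SAMPLE))
```
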
