Client email all the sudden swarmed with spam (O365)

thecomputerguy

Client calls me last week before the holiday and says HELP! I'm getting 100's of spam messages in my email all the sudden!

I log in and sure enough every 1-2 minutes she is getting something spam related being delivered to her inbox. I checked sign-in logs and there is no compromise there but I reset her password anyway just to be sure.

She said the password reset "helped" but she is still receiving hundreds of them, roughly 400 delivered to her inbox over the weekend, in addition to her normal mail.

I'm not really sure what to do; it's like someone signed her up for some list. No one else in the company is having this issue. They all run Business Standard licenses so I don't have Defender, or spam policies fine-tuned for them.
 
Do you have Defender Plan 1 included in their 365 tenant? I far prefer that. We used to use Proofpoint; I couldn't run away from that fast enough, called it Pooppoint.

However, if client is suddenly slammed with spam, sounds like a common scenario for.....one of their credit cards was poached or an online shopping account like Amazon was poached. And the bad guys will sign that email address up with TONS of spam services....so that any orders placed in the poached account...get buried in the flood. Have them thoroughly groom their online accounts (such as Amazon, Etsy, etc). And have them clamp down on their credit cards...watch those like a hawk, get ahead of it and talk with their credit cards fraud department.
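
A triage sketch for the flood scenario described above, added here as an example and not part of the original post: it separates list-signup noise from the order, payment and password notices worth reading first. The CSV columns, sample rows and keyword patterns are assumptions; adapt them to your own message trace export.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample: message-trace style export (columns are assumed).
SAMPLE_TRACE = """
received,sender,subject
2024-07-05T09:00:11,news@list-a.example,Please confirm your subscription
2024-07-05T09:01:40,hello@forum-b.example,Welcome to Forum B
2024-07-05T09:02:05,noreply@shop-c.example,Thanks for signing up!
2024-07-05T09:02:58,orders@store.example,Your order has shipped
2024-07-05T09:03:30,info@list-d.example,Verify your email address
2024-07-05T09:04:12,no-reply@list-e.example,Confirm your email to get started
2024-07-05T09:05:47,security@store.example,Password changed on your account
2024-07-05T09:06:20,digest@list-f.example,Welcome to our newsletter
"""

# Assumed keyword patterns; tune them to what the flood actually contains.
SIGNUP = re.compile(
    r"confirm your (subscription|email)|welcome to|verify your email"
    r"|thanks for (signing up|subscribing)", re.I)
TRANSACTIONAL = re.compile(
    r"order|shipped|shipment|receipt|payment|password|security alert", re.I)


def triage(trace_csv):
    """Summarise a flood and pull out messages that deserve a human look."""
    rows = list(csv.DictReader(io.StringIO(trace_csv.strip())))
    domains = Counter(r["sender"].rsplit("@", 1)[-1].lower() for r in rows)
    signup = [r for r in rows if SIGNUP.search(r["subject"])]
    review = [r for r in rows
              if TRANSACTIONAL.search(r["subject"])
              and not SIGNUP.search(r["subject"])]
    # Many domains that each sent exactly one message points to mass
    # list signups rather than a single spam campaign.
    one_off = sum(1 for count in domains.values() if count == 1)
    return {
        "total": len(rows),
        "signup_noise": len(signup),
        "one_off_domain_ratio": round(one_off / len(domains), 2) if domains else 0.0,
        "review_first": [(r["received"], r["sender"], r["subject"]) for r in review],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(key, value)
```
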
 
Might be a good time to look into Proofpoint. PAX8 has it for resale.
More like a good idea to learn how to configure M365's anti-spam capabilities.

Proofpoint is known as Pooppoint around my office, tired of their IP addresses getting FUBAR reputation and screwing with mail flows, tired of it ignoring and/or screwing up mail detection.

Just go into the Defender Panel, click the standard button and make sure SPF, DKIM, and DMARC are good, even without Business Premium or Defender for O365 licensing you'll have a better experience than fully licensed pooppoint.

P.S. Don't get me started on Mimecast either... oy... Both products used to be so good too...
 
Every time I've had "spam/scam attacks" they've all been virtually identical within each attack. I'll use the subject line or common phrase in the email and make a rule to trash them. It's important to never open spam, phishing, etc. emails as they most likely signal the sender that it's been opened and thus have live game.
 
I, for one, have not had any issues with Proofpoint and it seemingly does a great job at filtering out a ton of junk that 365 misses.

More like a good idea to learn how to configure M365's anti-spam capabilities.
I was assuming that the OP had already had policies applied - at the very least, the default EOP rules that are more or less not able to be disabled. That's a pretty comprehensive "world list" from Microsoft (for what they have, anyways) out-of-the-box, of the common offenders.
Sure, you can certainly configure and add in obscure rules to catch 5-10% per rule or add spam sender addresses one-by-one... but that's a lot of work and a losing game as the emails change and your rules no longer apply.

For one of my clients last year, a church, they had somewhat the same issue as the OP. One day, their office manager's inbox (O365) started getting flooded with spam. Proofpoint stopped virtually all of it. They seemingly have a more comprehensive list and filter set than O365.
 
The default EOP rules on vanilla 365 are "OK". They can be dialed up more strict....most people unfortunately don't.
However...when you add Defender P1 (previously known as Advanced Threat Protection)...also that comes with M365BP....if someone spends a few minutes to go "turn that on"...and more importantly...go in and dial up some custom threat policies...it is "fan-tas-tic". Unfortunately...I think most people/techs just add the license and assume it's on. Nope! Gotta either turn on the pre-configured policies, or better yet....create custom ones.

From experience with a couple of hundred tenants ...including our own 365 tenant ...comparing a couple of years on pooppoint...and I pulled that and moved us to DefP1....(so I had a front row experience there) and did the same with many many clients....DP1 is great. And it brings along many other important security features to the workstations and overall 365 tenant that...standard 365 licenses do not. So many people unfortunately miss out on those features too.

For 3rd party mail filtering...the best we've used (out of several)....was SpamTitan.
 
The Default EOP rules are also deprecated, I'm talking about clicking the standard or strict presets. You cannot customize them without a Defender for O365 license, and both implement AI spam filtration defenses.

The "Standard" preset is approximate to the highest level Pooppoint you can purchase.
 