Phishing Email Issue

frase

I have a customer where, from what I understood, someone at the workplace originally clicked on an invoice. The invoice even had the Manager's signature on it as well.

This fake invoice is now spreading to his customers, with outrageous amounts to be paid.

What would be the best approach in this situation?

Win11
365 Business [don't know edition]
 
What would be the best approach in this situation?

If they have an "all customers" mailing list, then sending out a message that this is happening and to ignore it would be a good idea.

I can't imagine that most of the clients will not recognize "the next cycle of this sort of thing" as most of us have been there, done that, got the T-Shirt. Particularly in business settings.

But the email of notification that an attack has spawned these messages demanding ridiculous payments, that we know are not real, is a courtesy.
 
This fake invoice is now spreading to his customers, with outrageous amounts to be paid.

What would be the best approach in this situation?

IMMEDIATELY dive into their email platform and start following all of the best practices for when a compromise happens...what do they use? Hopefully a good business grade platform that you can do effective things with.
I'd also probably isolate that computer that did the clicking...and thoroughly cleanse that.....
 
Don't email customers. Call them and tell them, for now, to ignore any invoice that is not accompanied by a phone call. I know it's embarrassing and time consuming but losing customers is even worse.
Secure all accounts.
DKIM, SPF, and DMARC records need to be added. This is what prevents hackers from spoofing sending addresses. Of course if they don't have their own domain, aka free email, they're getting what they paid for.
 
Look at the offending user's email account through a web browser. See if there are any rules set up. A lot of times these scammers will redirect mail to places the user will never see.

I'd call Microsoft 365 support or your reseller's support line and have them walk you through some things.
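
One way to run the rule check suggested above, as an added example that is not from the thread: a PowerShell filter that flags inbox rules which forward, redirect, delete, or quietly file mail away. The function name, the quiet-folder list and the sample rules are assumptions made for illustration; the property names follow Exchange Online's `Get-InboxRule` output.

```powershell
# Added example: triage inbox rules for the hide/forward patterns described above.
# Property names match what Exchange Online's Get-InboxRule returns.
function Find-SuspiciousInboxRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule,
        # Assumption: folders a user rarely opens, matched by display name; adjust per tenant.
        [string[]]$QuietFolders = @('RSS Feeds', 'RSS Subscriptions', 'Conversation History', 'Archive', 'Junk Email', 'Deleted Items')
    )
    process {
        $reasons = [System.Collections.Generic.List[string]]::new()
        foreach ($p in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
            if ($Rule.$p) { $reasons.Add("$p -> $($Rule.$p -join ', ')") }
        }
        if ($Rule.DeleteMessage) { $reasons.Add('deletes matching mail') }
        if ($Rule.MoveToFolder) {
            $folder = [string]$Rule.MoveToFolder
            if ($QuietFolders -contains $folder) { $reasons.Add("moves mail to '$folder'") }
            elseif ($Rule.MarkAsRead)            { $reasons.Add("moves mail to '$folder' and marks it read") }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $Rule.Name
                Enabled = $Rule.Enabled
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rules (not from the thread), shaped like Get-InboxRule output.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Newsletters'; Enabled = $true; MoveToFolder = 'Newsletters'; MarkAsRead = $false; DeleteMessage = $false; ForwardTo = $null; RedirectTo = $null }
    [pscustomobject]@{ Name = '.'; Enabled = $true; MoveToFolder = 'RSS Feeds'; MarkAsRead = $true; DeleteMessage = $false; ForwardTo = $null; RedirectTo = $null }
    [pscustomobject]@{ Name = 'Invoices'; Enabled = $true; MoveToFolder = $null; MarkAsRead = $false; DeleteMessage = $true; ForwardTo = 'smtp:outside@example.net'; RedirectTo = $null }
)
$sampleRules | Find-SuspiciousInboxRule | Format-Table -AutoSize -Wrap

# Against a live tenant (ExchangeOnlineManagement module; placeholder mailbox address):
# Connect-ExchangeOnline
# Get-InboxRule -Mailbox 'user@example.com' | Find-SuspiciousInboxRule
```

With the sample data, the "Newsletters" rule passes and the other two are reported with their reasons.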
 
Don't email customers. Call them and tell them, for now, to ignore any invoice that is not accompanied by a phone call.

If you're going to call, you should still email as well. I have no idea how many clients are involved, but if it were hundreds, and speed is of the essence, the fastest way to reach them all is the first way to go with anything else as follow-up. That means that in a very great many cases phone calls aren't even practical if the numbers are large, at least for initial rapid response.
 
I went onsite; it was a single desktop, and I went through the normal procedures I usually do. I checked the rules and indeed there were two in there the customer was unaware of. Looked into the 365 Admin and checked in there in case that was compromised as well. Only the single account on the system.

Once they were removed the customer could send and receive correctly. The rule looked like it was diverting/forwarding to some unknown folder. So thanks to all for the suggestions.
 