Spam email and text message from one employee within company

dee001
Hello, I have a customer that uses Google Suite for their email, and a lot of the staff members are receiving spam emails from Gmail accounts with weird addresses but with this one employee's full name within the email, asking for a small task. And one user just sent me a text message that was a spoof from the same employee. The spam filter is catching all of these emails, but the employee is concerned that he has been hacked or something else is going on. Any suggestions on what's going on and how to address this?
 
There’s no way to prevent spear-phishing attacks. Smart hackers can research online the names of employees and employers, often via LinkedIn. The only thing you can do is boost your spam filters and make sure that SPF, DKIM, and DMARC are fully set up.

Then the company needs to invest more in end user training to spot phishing attempts.
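As an added illustration (not code from this thread or from Google), the check below shows why SPF, DKIM and DMARC on the customer's own domain do not stop this particular lure: the attacker genuinely sends from gmail.com, so all three checks pass, and the only signal is an employee's display name sitting on an address outside the company. The sample message, the example.com domain and the employee list are constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the thread): an outside Gmail address
# carrying a real employee's display name. Note all three auth checks "pass",
# because the attacker really does send from gmail.com.
SAMPLE_MSG = b"""From: Jane Doe <jane.doe.ceo.0192@gmail.com>
To: staff@example.com
Subject: quick task
Authentication-Results: mx.google.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com

Are you at your desk? I need a small favour, reply ASAP.
"""

INTERNAL_DOMAINS = {"example.com"}           # the customer's own domain(s), assumed
EMPLOYEE_NAMES = {"jane doe", "john smith"}  # constructed company directory
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}


def _norm(name):
    return " ".join(name.lower().split())


def auth_results(msg):
    """Pull the spf/dkim/dmarc verdicts out of the Authentication-Results header."""
    hdr = str(msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr))


def classify(raw):
    """Return the sender, the auth verdicts and any display-name findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    # The lure: a name from the directory on an address outside the company.
    if _norm(name) in EMPLOYEE_NAMES and domain not in INTERNAL_DOMAINS:
        findings.append("display-name impersonation")
    if domain in FREE_MAIL_DOMAINS:
        findings.append("free-mail sender domain")
    return {"from": addr, "auth": auth_results(msg), "findings": findings}


if __name__ == "__main__":
    print(classify(SAMPLE_MSG))
```

A mail filter rule built on the same idea (directory name on an external sender) is what catches these, since the authentication headers alone look clean.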
 
Not cool, does this apply with the text messages? The spoof text messages are not from the employee's real phone number but a fake one and have this employee's name within the text message.

The employee is a bit concerned that they may have some exposure, possibly within their personal stuff, that is creating all of this.
 
It’s not just the employee. Obviously the hackers have gotten hold of real cell phone numbers within the company. You can block the numbers as they pop up or change the phone numbers. Again, there is no way to stop people from finding out phone numbers or email addresses. Much of this information can be publicly discovered without ANY mis-actions on the user’s part. Welcome to the 21st century and the power of Google. Management at many companies is sadly targeted for this kind of activity.
 
Note that the entire company should immediately change passwords and turn on 2FA. It’s possible that someone had his account mined for data.
 
We get paid to clean up the mess!

And end users have gotten lazy, used to us being able to wave a magic wand at the problem and have it go away. But there's zero way to separate spear-phishing messages from standard business emails. So now, we get to patch the hardest computer to update...

The end user's brain...

So much of this goes away if you simply don't accept mail from free email hosts... but find me a business that's OK with that? How many of us support "businesses" that think it's OK to use free emails for their actual commercial use?
 
So a forced password policy is a good step? I am just thinking of all the calls, but not a problem, and I will turn on 2FA for everyone.

The customer has a paid-for version of Google Suite with a domain.
 
Yes. It's possible that an account, any account, has been accessed allowing the hackers to gather information. Any one user with access to a company directory of email addresses can be the information leak.
 
2FA does help a ton, so if you're not already demanding 2FA on any cloud exposed and yet mission critical tool... you're behind.

But it's still not foolproof. TOTP is annoying, but generally works. Push auth is what everyone wants, but that means pressing OK and the bad guy is in, and we're back to the old problem of people just clicking OK all the time.
 
I am preparing an email to inform users of the changes for the 2FA, but now my concern is users being afraid to use their personal cell phone to do the authentication. I have a few users at this company that won't accept the agreement to allow push mail on their cell phone, so they check their mail from the phone browser instead of the mail app.
 
Not. your. problem. They asked you for a fix and this is it. Either they need to get over it or the management needs to hand them a company cell phone. Or get scammed and lose thousands of dollars which is cheaper?
 
M365 TOTP can be enabled in such a way to support any authenticator, this includes stuff you can run on a desktop. If you've got a doorknob of an employee that doesn't want to run an auth app on their phone, set one up on their desktop and have them be unable to work unless they're at work.

It won't take long before knocking that BS off will be a condition of employment, and the problem moves on. If they want email on their phones but don't want to worry about the company deleting their stuff, install the Outlook app. Then you can only control that app remotely. But if their fear is that big scary button that says HEY, you're giving corporate permission to manage this device, that's easy... because MS Authenticator doesn't do that, nor does Teams, or really any of the Office apps... except Outlook, and Android / Apple default email clients.

I have clients that are that paranoid, I find them VERY easy to work with. Because I'm the same way. I just need to explain to them what controls go where. All of them thus far have opted to install the Outlook app for company stuff, and know that it will be drained of data when they leave. It won't and doesn't touch anything else.
 
Any suggestions or tips to prepare for turning on 2FA and forcing a password change with a good number of users all working from home? My concern is those users that have a problem with even setting up mail on their mobile device; they will need to update those devices with the new password. Hopefully the apps should just prompt them that the password is invalid and ask them to type in the new password. Not sure if I should provide instructions on this or deal with it case by case. Any suggestions?
 