Gas · Cyber Info · 5mo ago

Office has been receiving Phishing emails from reputable domains

Hi y’all! I’ve gotten two tickets so far from users receiving emails that look suspiciously like phishing, but the addresses look legitimate. One of them ends in @zoomus (a real domain owned by Zoom) and the other in @microsoftonline.com (also owned by Microsoft), but both emails are directed towards people that neither user has ever been in communication with.

Any advice on how to further look into these messages and how to educate users on spotting them in the future?

UPDATE: both users HAVE been encouraged to delete the message or already have. We have a spam filter system but I’m not quite sure if I should be blocking these addresses since they COULD be used for legitimate purposes in the future.
Solution
I'd nuke anything that doesn't come from their outlined addresses for the meantime, unless there is potential for operational impact. Quick way to address the Zoom domain, at least momentarily.