This is an automated archive.
The original was posted on /r/sysadmin by /u/wombocombo27 on 2023-08-18 00:21:41+00:00.
Today I had 2 emails make it through Exchange and they were delivered to everyone in the org. The first was from a Gmail account with the name of our director with a change in one letter. Example:
From: Ali Perrish [email protected]
Subject: Re: What time are you here?
Body: Empty
There was nothing linking out in the body.
The second was something similar with a different employee's name but instead asking that their credit card info be updated.
I guess my question would be how I can mitigate and lessen this for the future? I obviously can’t block the Gmail domain, and they do not have the funding for MS Defender (if that would even help) or something like Mimecast. I have a pretty strict policy in place, and haven’t had anything happen until now. Is there some sort of spoofing policy for users? Any advice is appreciated!
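An added example, not part of the original post: one way to catch the pattern described above is to flag mail from outside the organisation whose From display name is within a small edit distance of a protected staff name. The internal domain, the name list, the threshold and the sample headers are all constructed assumptions.

```python
import re
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.org"}                    # constructed: accepted domains
PROTECTED_NAMES = ["Ali Parrish", "Dana Whitfield"]   # constructed: names to protect


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalize(name):
    """Casefold, drop punctuation, sort tokens so 'Parrish, Ali' == 'Ali Parrish'."""
    return " ".join(sorted(re.findall(r"\w+", name.casefold())))


def check_from(header_value, max_distance=2):
    """Return a finding dict for an external lookalike display name, else None."""
    display, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2].lower()
    if not display or domain in INTERNAL_DOMAINS:
        return None  # no display name, or genuinely internal sender
    shown = normalize(display)
    for real in PROTECTED_NAMES:
        d = edit_distance(shown, normalize(real))
        if d <= max_distance:
            return {"claimed": display, "matches": real,
                    "distance": d, "sender": addr}
    return None


if __name__ == "__main__":
    samples = [  # constructed From headers
        "Ali Perrish <director.office@gmail.example>",
        "Ali Parrish <aparrish@example.org>",
        '"Parrish, Ali" <someone@gmail.example>',
        "Weekly Newsletter <news@vendor.example>",
    ]
    for s in samples:
        print(s, "->", check_from(s))
```

A hit is a reason to quarantine or prepend a warning rather than proof of fraud, since staff also write from personal accounts.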