As I’m sure many others have encountered, within days of creating any user in O365, they start receiving spam, phishing, and solicitation emails. Some of these bad actors have shown a very clear pattern to me, so it leads me to believe a team of bad actors may have found access to our GAL and will make regular attempts to scam our employees. I’m, of course, also curious how I might find that employees with minimal outside communications (external communications are with specific individuals at client companies.)

Unfortunately, I haven’t much experience with SecOps, so I’m curious if anyone more experienced can suggest some good tools to recommend for me to do some digging into this. Tool/app platform doesn’t matter; I’ve got Windows, Mac, and Linux machines available to utilize for testing.

  • just some guy (OP)
    111 months ago

    Thanks for sharing! I didn’t know didigetpwned had a domain search option. I’ll have to check out the pricing. Could be a good passive tool for checking in on any compromised accounts.

    O365 does have pretty good email filtering tools, but plenty does get right through them; surprisingly, even the spoofs that fail domain validity checks can get through.