Educause Security Discussion mailing list archives

Re: Warning about malicious spoof Microsoft emails


From: Mercy Lopez <0000013bb1b55b08-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Thu, 2 Apr 2020 16:13:05 +0000

First of all, you are doing great! I would have done the same things you mentioned in your email. However, don't 
forget to enable MFA for your high-privilege users. 
(In ATP2) You can also try to use (Threat Explorer) and use Search and Filter.
Most important, try to speak with someone from Microsoft. Their team can assist you further with the ATP 1 issue. If 
possible, adding ATP 2 may be beneficial.
Good Luck,
Mercedes




    On Thursday, April 2, 2020, 11:12:27 AM EDT, Curt Kappenman <ckappenman () andersonuniversity edu> wrote:  
 
  
Our university has started to receive emails that appear to be from Microsoft that are not.  We have been receiving 
emails from account-security-noreply () accountprotection microsoft com for the past few years.  These emails originate 
from Microsoft-owned IP addresses and are part of the Office 365 tenant.  Recently (as of March 22, 2020) we have 
started receiving emails that seem to come from this same email address but are coming from non-Microsoft-owned IP 
addresses.  I have yet to establish a pattern of IPs but I wanted to warn everyone that uses Microsoft Office 365 or 
Exchange to be aware of this issue.
 
  
 
For us, Microsoft has ATP but my P1 license does not allow the service to run even though Microsoft lets you configure 
it (so you think the protection is active).
 
  
 
If anyone can give me some good suggestions of ways to block these emails (I have turned off all whitelists for 
Microsoft.com email addresses and made specific blocks for the currently identified IP addresses of senders) I would 
be very appreciative.
 
  
 
Curt Kappenman
 
Security Compliance Officer
 
316 Boulevard, Anderson, SC 29621
 
Phone: (864) 231-2850
 
ckappenman () andersonuniversity edu
 
  
 
**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
  
