none
Can anyone think of a way to block this...?

    Question

  • I have a user who is getting several spam emails.  The problem is this...

    The email is listed as coming from Patty L...which is a valid employee, but when you hover over the name the email address is not Patty's.  For example...the last email came from mailto:marek.dolegowski@pdmsuwalki.pl

    The from address is different every time...so I can just block the use.  Sending domain is different as well.

    The emails are always worded differently and usually have a link to click on.  Of course the link is always titled Invoice-<random_numbers>.pdf.  If you hover over this (what looks to be a file link) it goes to some bogus web address.  For instance this last email is titled INVOICE-44131-Apr-26-2017-US-071949.PDF but the link goes to http://michaelbang.com/invoice-42754-apr-26-2017-us-592864/

    My user has been good at not clicking on these links, but I would like to find a way to block them all together.  We do have a 3rd party spam service and I have reached out to them as well as it is getting past their services as well.

    Any ideas?
    Thanks

     

    Wednesday, April 26, 2017 7:42 PM

Answers

  • Hi Michael,

    I'm afraid there is no easy way to completely block these spam emails.

    Microsoft are making continuous efforts to distinguish these phishing e-mail message. However, Because it can be hard to distinguish a phishing e-mail message from a legitimate e-mail message from, say, your bank, the Junk E-mail Filter evaluates each incoming message to see if it is suspicious and contains suspicious links or was sent by using a spoofed e-mail address. If the filter determines that a message is suspicious, the message is sent to the Junk E-mail folder, and the links in the message are disabled. To prevent you from unwittingly replying to a message with a spoofed e-mail address, the Reply and Reply All functionality is disabled for that message. In addition, any attachments in the suspicious message are blocked. See the following article for more information:

    https://support.office.com/en-gb/article/How-Outlook-helps-protect-you-from-viruses-spam-and-phishing-97b7a7c0-05fc-4337-9280-a45f41440520

    In addition, here is an article which listed some methods you can try. You may have a look at it and see if it helps.

    http://markgossa.blogspot.sg/2016/01/spoofed-email-display-name-exchange-2016.html

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards,

    Steve Fan


    Please remember to mark the replies as answers if they helped.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Friday, April 28, 2017 7:30 AM
    Moderator

All replies

  • Hi Michael,

    I'm afraid there is no easy way to completely block these spam emails.

    Microsoft are making continuous efforts to distinguish these phishing e-mail message. However, Because it can be hard to distinguish a phishing e-mail message from a legitimate e-mail message from, say, your bank, the Junk E-mail Filter evaluates each incoming message to see if it is suspicious and contains suspicious links or was sent by using a spoofed e-mail address. If the filter determines that a message is suspicious, the message is sent to the Junk E-mail folder, and the links in the message are disabled. To prevent you from unwittingly replying to a message with a spoofed e-mail address, the Reply and Reply All functionality is disabled for that message. In addition, any attachments in the suspicious message are blocked. See the following article for more information:

    https://support.office.com/en-gb/article/How-Outlook-helps-protect-you-from-viruses-spam-and-phishing-97b7a7c0-05fc-4337-9280-a45f41440520

    In addition, here is an article which listed some methods you can try. You may have a look at it and see if it helps.

    http://markgossa.blogspot.sg/2016/01/spoofed-email-display-name-exchange-2016.html

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards,

    Steve Fan


    Please remember to mark the replies as answers if they helped.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Friday, April 28, 2017 7:30 AM
    Moderator
  • I am in the processes of putting this rule in place, but I think it will resolve our issue.  

    Thanks for the help.

    P.S.  Our 3rd party spam service could not find a proper way to block it and has us sending these spam messages to there rules people for future review.

    Thanks again.
    Monday, May 1, 2017 1:05 PM