Intercept QR code pictures mail - ORF Forums



Dear ORF Engineer,
Our company (CNOOC & Shell Petrochemicals Company Limited in China) has been using the ORF tool for more than 10 years, and we are looking for support as we have encountered problems recently.
How can we use ORF to intercept the emails if an internal mailbox user has their account password stolen and phishing emails, such as QR code pictures, are then sent through this mailbox?
For a beginner with ORF, can you provide some guidance documents?

by Edward Wong 7 months ago

@Edward Wong: Hello Edward,

I apologize for the late response.

If a spammer gains access to an internal user account and begins sending phishing emails to other employees through intranet emails, ORF will not help because it only screens external emails originating from the internet - not intranet messages.

If you need to find which account was compromised, open the Exchange protocol logs and look for lines with “AUTH LOGIN”. If no usernames are logged with the AUTH LOGIN entries, make sure that Exchange is configured to include the account names that are used for authentication in the SMTP protocol logs. To enable verbose logging, you will need to turn up the diagnostic logging level to maximum on your Exchange server.

After identifying the user account, modify the password in Active Directory. If the account is a temporary one that has been forgotten, it may be necessary to disable or delete it. If the spammers used the guest account, disable or delete it (changing the guest account's password alone is not enough). Additionally, ensure that a robust password policy is enforced on all accounts, with requirements such as long passwords containing uppercase and lowercase letters, numbers, special characters, and regular password changes.

by Daniel Novak (Vamsoft) 7 months ago
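
The log check described in the answer above, as an added example that is not part of the original post and is not Vamsoft or Microsoft code: it groups SMTP protocol log lines by session, pairs each "AUTH LOGIN" with the account name logged for that session, and lists the remote addresses each account authenticated from. The CSV field order, the `authenticated` context marker, the sample lines (host `MAIL01`, domain `EXAMPLE`, documentation IP ranges) and the "more than one source address" triage rule are assumptions; check them against the `#Fields` header of your own logs.

```python
import csv
from collections import defaultdict

# Assumed column order of the SMTP protocol log (compare with your #Fields line).
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

# Constructed sample lines, not taken from the page or from a real server.
SAMPLE_LOG = r"""
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2024-01-10T02:11:05.101Z,MAIL01\Client,08DC0001,3,10.0.0.5:587,203.0.113.7:51544,<,AUTH LOGIN,
2024-01-10T02:11:05.350Z,MAIL01\Client,08DC0001,7,10.0.0.5:587,203.0.113.7:51544,*,EXAMPLE\jdoe,authenticated
2024-01-10T02:14:40.002Z,MAIL01\Client,08DC0002,3,10.0.0.5:587,198.51.100.23:40110,<,AUTH LOGIN,
2024-01-10T02:14:40.410Z,MAIL01\Client,08DC0002,7,10.0.0.5:587,198.51.100.23:40110,*,EXAMPLE\jdoe,authenticated
2024-01-10T08:30:12.000Z,MAIL01\Client,08DC0003,3,10.0.0.5:587,10.0.0.42:50001,<,AUTH LOGIN,
2024-01-10T08:30:12.200Z,MAIL01\Client,08DC0003,7,10.0.0.5:587,10.0.0.42:50001,*,EXAMPLE\asmith,authenticated
2024-01-10T09:00:00.000Z,MAIL01\Client,08DC0004,3,10.0.0.5:587,192.0.2.9:33100,<,AUTH LOGIN,
""".strip().splitlines()

def summarize_auth_logins(lines):
    """Map each account to the remote IPs of its AUTH LOGIN sessions."""
    sessions = {}  # session-id -> [remote ip, account name or None]
    for row in csv.reader(lines):
        if len(row) < len(FIELDS) or row[0].startswith("#"):
            continue  # skip header comments and truncated lines
        rec = dict(zip(FIELDS, row))
        sid = rec["session-id"]
        if rec["event"] == "<" and rec["data"].upper().startswith("AUTH LOGIN"):
            sessions[sid] = [rec["remote-endpoint"].rsplit(":", 1)[0], None]
        elif rec["event"] == "*" and rec["context"] == "authenticated" and sid in sessions:
            sessions[sid][1] = rec["data"]
    by_user, unnamed = defaultdict(set), []
    for sid, (ip, user) in sessions.items():
        if user:
            by_user[user.lower()].add(ip)
        else:
            unnamed.append(sid)  # AUTH LOGIN seen, no account name logged for it
    return dict(by_user), unnamed

def accounts_to_review(by_user, max_ips=1):
    """Accounts whose AUTH LOGIN sessions came from more than max_ips addresses."""
    return sorted(u for u, ips in by_user.items() if len(ips) > max_ips)

if __name__ == "__main__":
    by_user, unnamed = summarize_auth_logins(SAMPLE_LOG)
    for user, ips in sorted(by_user.items()):
        print(user, sorted(ips))
    print("review:", accounts_to_review(by_user), "no username:", unnamed)
```

Sessions returned in the second list had an AUTH LOGIN with no account name recorded, which is the case where the logging level needs to be raised as the answer describes.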