cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Outlook/Exchange accounts under attack?

Possibly it's due to all the Exchange servers still "pwned" from the SolarWinds attack. But I have been noticing a huge uptick in spam (and particularly phishing) messages in my Outlook account, rmslade@outlook.com. (The same account is also rob-the-virus@outlook.com, usual-suspects@outlook.com, isc2@outlook.com, and the-usual-suspect@outlook.com, but most of the spam seems to be addressed to rmslade@outlook.com.)

 

OK, maybe nine messages a day doesn't seem huge, but bear in mind that this is an account that I hardly ever use. I generally don't post from it, and almost never to any mailing lists. I don't exactly hide its existence, and I sometimes note it as an alternate email when people have trouble with my main Shaw account, or when I'm giving presentations. And, up until a couple of months ago, I hardly received any email in it at all. (Which is why I wonder about the SolarWinds thing.)

 

It's not as if Microsoft is really bad at spam filtering. Looking at the spam folder (which Microsoft insists on labelling "Junk") I note that there are a number of messages Microsoft has dealt with automatically. Although an awful lot of the phishing messages that I do see (and report, religiously, one of the reasons that I'm so aware of the growing spam numbers) are dead copies of each other, even if they come from different email accounts and sources.

 

I know that phishing doesn't have to have a high success rate. Sending phishing messages is pretty close to zero cost for phishers, so you can have a success rate of 0.01% and still consider that a win. But I am starting to wonder how many people are getting "pwned" by this recent onslaught ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468