One of our users has had their email compromised last week! They are reasonably tech-savy but they've clearly clicked on something that they shouldn't and a load of emails were sent out via their email account (you could see them in the sent items). I followed the instruction on the MS site (link) for responding to a Compromised email account and thought that was the end of it! Yesterday however there were emails recevied by people external to our organisation replying to emails that this user had received but sent from random email addresses but with the users name eg John Smith <[email protected]> and not [email protected].
Is the account still compromised or because they had access originally does that mean that they would have downloaded the inbox contents and can now reply to those emails with a different email account?
Ive checked that there are no delegate access been granted or send as permissions but is there anything else I can check?
Is it worth scanning the PC with something such as Malwarebytes?
Thanks, Mark
Is the account still compromised or because they had access originally does that mean that they would have downloaded the inbox contents and can now reply to those emails with a different email account?
Ive checked that there are no delegate access been granted or send as permissions but is there anything else I can check?
Is it worth scanning the PC with something such as Malwarebytes?
Thanks, Mark