Showing posts from May, 2020

Use PowerShell to Remove Phishing Emails from Users' Mailboxes in Office 365

Anyone on the blue team side of security thinks about how to prevent and train users not to click on phishing emails. Phishing emails are the initial vector for the vast majority of companies that fall victim to ransomware , and others harvest credentials to be used in data breaches . Office 365 / Exchange Online provides built-in protections for anti-spam and anti-phishing efforts (including ATP), but these can also be combined with 3rd party external vendors such as Symantec, ProofPoint, Cisco, SOPHOS, and more. With these technologies in place the percentage of phishing emails that are received by your users drops significantly. Most provide protection even if an email gets through by screening links and attachments if a user clicks on them (in addition to your local AV software). But because we know that some of the emails will get through and we want them deleted as soon as possible, we have two options: Send out an email asking people to be aware of a phishing email circulating t