"Your account is set to close on" voor gedeelde Exchange Online mailbox

Windows, Android, iOS, Linux, Chrome OS, ...
Plaats reactie
Gebruikersavatar
Sinna
Elite Poster
Elite Poster
Berichten: 3253
Lid geworden op: 14 nov 2008, 08:22
Twitter: KrSi78
Locatie: Brugge
Uitgedeelde bedankjes: 342 keer
Bedankt: 230 keer
Recent bedankt: 2 keer
Contacteer:
Provider
Te Koop forum

Eén van mijn collega's attendeerde mij net op een melding afkomstig van [email protected] waarin aangegeven wordt dat de account wegens inactiviteit afgesloten zou worden. De koppeling in het bericht is legitiem en verwijst naar https://go.microsoft.com/fwlink/?LinkId=2086738. Dit lijkt mij dus geen scam/phish/...

Ik heb op de Exchange-omgeving gekeken wanneer de laatste logon was en die is van vandaag. Vanwaar die melding komt is mij dus een raadsel.

Ik vermoed dat ik dit bericht verticaal mag klasseren, maar hoor toch graag even of er hier op het forum andere gebruikers zijn die iets gelijkaardigs meegemaakt hebben.
Computer(k)nul
Gebruikersavatar
Sasuke
userbase crew
userbase crew
Berichten: 5751
Lid geworden op: 13 aug 2003, 20:25
Locatie: Vlaanderen
Uitgedeelde bedankjes: 250 keer
Bedankt: 550 keer
Provider
Te Koop forum

Das een gekende SCAM .. die mail komt zeker niet van dat adres (zie de headers) en de bedoeling is dat je de attachment opent (zeker niet doen). Vertikaal klasseren dus.

Microsoft stuurt dergelijke mails niet/nooit.
Who the fxxk is General Failure and why is he reading my hard disk ?
Afbeelding
Gebruikersavatar
Sinna
Elite Poster
Elite Poster
Berichten: 3253
Lid geworden op: 14 nov 2008, 08:22
Twitter: KrSi78
Locatie: Brugge
Uitgedeelde bedankjes: 342 keer
Bedankt: 230 keer
Recent bedankt: 2 keer
Contacteer:
Provider
Te Koop forum

Dat dacht ik al. Er waren in dit geval geen bijlages gestuurd en de headers lijken mij legitiem (enkel doeldomein en doeladres redacted):

Code: Selecteer alles

Received: from AS1PR08MB7537.eurprd08.prod.outlook.com (2603:10a6:20b:481::12)
 by AM0PR08MB2963.eurprd08.prod.outlook.com with HTTPS; Tue, 25 Apr 2023
 11:42:18 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
 b=JCCqyTleHm1hSVRcmPersR4RmAXmAyyo4JPfGw5XkB4zEdPmVrAsBqoFxWiOfcjC0STp3MtKXl2Atj7PuJ4foJmmG6oPmjZbW+nzr7Srv8EGEKW2XT06T/Cwgyx0cFdcpaSAAc3mlcHXbRwlDfg6PSadkuRc9JNxgkPx8tpl3KchBP9iB8d9uYsCr+l3bxLFu3dYlSdpdnA2aBnytSl2fOvMkPDCVAuByK9ShWKS6ad7Ti2p3T71m0ODaR5OIARKZ6YwJvvEv/3DsR4HaX7zR6iz/u+lypT3o8wtmn1qUHm5R/LHRBzpy49+xqZRSvJV67xzeWuBPaJfCfjP0ncEzw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Hu7luerJhAUv/aSkV593pwpwscR67G0es2WGhdenDdw=;
 b=Evhib5yNOlIrAduU/XwKHeKq9S8J0Aq7bnVhqqCtmxt1WYcuYZ4ob5lbZQ79XT1rCbkLh1ELcFbj/YXVOxWFi4ptkSaNx/H6ZTxGmt1kaAzvbVZl3SEme9SJTyoFyurd3bzfnbFTpMu4a7RDpHQLRckAhrO2k9tQL/bgylMRLmI99gFxRnFYcgeuXqfgHd35ETNkGm4Va3VyHpOMXGep164ElEZXjyLUPipDz7x4Boa/O+5uFa0eyTw/9AkRQgSKHiT10hIKgadb+CDBNi03MBVgQBH/7zAaXZKLFal8VqmEBkeccfyQPenKhLCx+JYa2VMdeprH7dcqrAOlVE3XRQ==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 40.107.93.80) smtp.rcpttodomain=***
 smtp.mailfrom=accountprotection.microsoft.com; dmarc=pass (p=reject sp=reject
 pct=100) action=none header.from=accountprotection.microsoft.com; dkim=pass
 (signature was verified) header.d=accountprotection.microsoft.com; arc=pass
 (0 oda=0 ltdi=1)
Received: from GV3P280CA0091.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:8::25) by
 AS1PR08MB7537.eurprd08.prod.outlook.com (2603:10a6:20b:481::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.21; Tue, 25 Apr
 2023 11:42:17 +0000
Received: from HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
 (2603:10a6:150:8:cafe::fd) by GV3P280CA0091.outlook.office365.com
 (2603:10a6:150:8::25) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend
 Transport; Tue, 25 Apr 2023 11:42:17 +0000
Authentication-Results: spf=pass (sender IP is 40.107.93.80)
 smtp.mailfrom=accountprotection.microsoft.com; dkim=pass (signature was
 verified) header.d=accountprotection.microsoft.com;dmarc=pass action=none
 header.from=accountprotection.microsoft.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of
 accountprotection.microsoft.com designates 40.107.93.80 as permitted sender)
 receiver=protection.outlook.com; client-ip=40.107.93.80;
 helo=NAM10-DM6-obe.outbound.protection.outlook.com; pr=C
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (40.107.93.80) by
 HE1EUR04FT030.mail.protection.outlook.com (10.152.27.33) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 11:42:16 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=OHg5Pf187ql/lw/24jQ37prPskAaUMzlpc7UyAJlmdKddJK7sACXV6V4iQ2k1+8YYPE5XgkTSe6qvjB7I2CC4tvsLChg6BA4rTYCE7vM3P9zanoVbKvvCWCIY14+AzLdvuPjq4YnIm9HIwzPisMLctD3mu/jQgZnxcHyB77lKrnetWf+wdgSE1fkVXtddjI0XUX5hgNDJ/EVJP6+Lt9iyPlZYIl2Lg54cIGKz39iQQfxlxG3tu3mE0hfrR0UXnj3iJGFkNtiKxu2R4ztOQ1uIJtBZpsWMyDDixtEWvuQ3hh4oA6Mj8deP9u1OxgTjEA89mCFSqdYVyZdTBSUkLE4og==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Hu7luerJhAUv/aSkV593pwpwscR67G0es2WGhdenDdw=;
 b=aTKJwCjjxCnrnGkpf9vf7U0P/pJ6Sr2fDhyfXcdBjSTUiRKvBbZnO4dN1AQcHf3qOsWXIJU6V0kjiVJO+GdnRkYYjtIxPWMzu+LhgzQuPG/olHK7k8ZDZhafSkAGu8PzsK30F4bfIYPvlJvns4GII+PhKEoMa3hZl/RwKhP24a31fSp5RT7QqtLhBwdx7LRKE+G/qbz4RDRmitrXMgP7PYgnlABJjLKlEVBz3Z9xpZTcm5Ds45nUaRCLuTZ0gfBbRJ1n7Lx/K/rQPOyYA5zmWLr3I5et0zfJYP+DXa5JH/650lQa1RWdTjiyJE4ez16yjxYB8fiD0cSLGf0pYq3OfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none
 action=none header.from=accountprotection.microsoft.com; dkim=none (message
 not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=accountprotection.microsoft.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Hu7luerJhAUv/aSkV593pwpwscR67G0es2WGhdenDdw=;
 b=SZ2SlozV22M6hXXF+sXcyh+hbiOwJvM+wm5+Bql2SxGTNOuJ6t2s5ak9MRBsTjzPvafPUr8biFEv53fyeprjLUfHTucujqmyFtalUZ9XCDDECDXDzUv6Iw2ghvApvHnoG5tszHiy763ufrdkMVvxnl9bI0L5qURpV0gFttH40Ng=
Received: from BN9PR03CA0448.namprd03.prod.outlook.com (2603:10b6:408:113::33)
 by SJ0PR16MB4798.namprd16.prod.outlook.com (2603:10b6:a03:42e::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34; Tue, 25 Apr
 2023 11:42:13 +0000
Received: from BN8NAM11FT084.eop-nam11.prod.protection.outlook.com
 (2603:10b6:408:113:cafe::b5) by BN9PR03CA0448.outlook.office365.com
 (2603:10b6:408:113::33) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend
 Transport; Tue, 25 Apr 2023 11:42:12 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 52.188.222.33)
 smtp.mailfrom=accountprotection.microsoft.com; dkim=none (message not signed)
 header.d=none;dmarc=none action=none
 header.from=accountprotection.microsoft.com;
Received: from accountprotection.microsoft.com (52.188.222.33) by
 BN8NAM11FT084.mail.protection.outlook.com (10.13.176.169) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 11:42:12 +0000
From: Microsoft account team
	<[email protected]>
Date: Tue, 25 Apr 2023 04:42:12 -0700
Subject: Microsoft account security notification
To: ***
X-Priority: 3
X-MSAPipeline: MessageDispatcherEOP
Message-ID: <CQI0LJRWRJU4.M1RR4OHZU44J3@BL02EPF000016EA>
X-MSAMetaData:
 =?us-ascii?q?DetKltENjxm2VTyJgfgTVESThh6W2kZZHbkez1B4hsJ8!9wv5k92C8y6jqVek?=
 =?us-ascii?q?8rc7eg*zlpJVefdTGEzNQxyEr5c*8abvdPhNle7G*nMAAVdKhZS4emK09HPxg?=
 =?us-ascii?q?26eJm3vQ$$?=
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-NDlIrp203CIlyc2dcPs7sQ=="
Return-Path: [email protected]
X-MS-TrafficTypeDiagnostic:
 BN8NAM11FT084:EE_FirstParty-MicrosoftAccount-V3-System|SJ0PR16MB4798:EE_FirstParty-MicrosoftAccount-V3-System|HE1EUR04FT030:EE_|AS1PR08MB7537:EE_|AM0PR08MB2963:EE_
X-MS-Office365-Filtering-Correlation-Id: 1764f0fe-ab7a-4a19-0e1e-08db45821ef1
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
 /2eOFOJ5OhZ+2QW8XAMYkZ0au7ChMHLgabwOVc5wR5vCkegfskvpteS2gQryo76i/+nrAF5mhFzj1X3ofshJ19bv/BR5/Yp9x2FGBb9oyGwSmaKIRcPnMdLem9sZGCSSD0it1BuzCMW6pvyipsqcW55cnkPyMTs6p8YgPZAFS5TiSEvxlniI6trmP4lQSz8IOPPyN48JwJhRDw0uxUB1AyxHhmmrVsswP3dnftJUaSuB5JwEczko17uOMTqws1gx1sjqOvFtYP2Dr+sZy6jgvs0jVPN6LUIi8HgdBhzjm9Lwci/1pg0xIx0EcggiHCd/NhZU8DKe/NpFP566ZaTnA78XteoIVxDGMBSzushnZnP0qL/o9iBoazNexfpWiVX7RcEJlD7XFROHV2zhlj3NJOOJK1nUp4mN5htF2GjR8rwIvWstSA/PswziLTVDVs2W26KX76Ce7Z1DuPeej0PpvNC5J8T0W9b35/uQg1hRp1eQb/W8KvGuGsuVcojnh+ZSoVVsf97lk4GxKRFO14ChD3tzHIYtLwY0I/RjYfL5QhVzL5rARZHSK7PbP7bzC/ZM/vHnjdHIn80ZN0g9yrXM8LfFIiNHxnijdeJ5Cr9wWffS5T+0Ozw6yilGOeiYqtlXXAiuCUBzV3GyRdLKrAy1Wp5vO0TY6A42ZXE+L6gYxlk3/U7eq8F5nkPTLefMy97NKPqlpRsXjlzOi1SqIHNHWuAq1a7EiB9qcwizxaZqlmf33PYNu+vK76qiGtDNwBd6PB/DSpHXihyIu6RMJnWa1Q==
X-Forefront-Antispam-Report-Untrusted:
 CIP:52.188.222.33;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:accountprotection.microsoft.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(7916004)(396003)(376002)(136003)(346002)(39860400002)(42606007)(47530400004)(47690400004)(451199021)(66899021)(478600001)(10290500003)(9316004)(5660300002)(8936002)(8676002)(2906002)(118246002)(33716001)(86362001)(33656002)(15650500001)(166002)(68406010)(6916009)(316002)(36736006)(356005)(41300700001)(81166007)(3480700007)(336012)(966005)(186003)(52230400001)(956004)(121820200001)(9686003)(6512007)(26005)(33964004)(83380400001)(6486002)(135563018)(51984009)(459424003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0:
 S8qfO2kREhCSEwce+Xs5SvB+TsKWMKBiyVttGm0TJ7qDF09jdfn+mVSfeTdYZOj1cbZD6Bku/EB2vES0Lmo/Tmi7hWku8RvX59Ne01W7EfJz/jRtkxiIiVGSyIr67mb+czGbiFkE/mE2ACjHNXUy5zwSYn1+FxHRz87FT+GreRdCy00i/xzfIeBbFzmPsExkmGZbOrKN8SG19p13eVv5L+CexsBfzvxfHo3gbBmUfQTJ3naqWSMfh7eDX1SetLF+fdHCDyjOd5FJQvGi5oVQKFXSxzDSExmygKX88H3Pc8C/axNx9HwCEKyE0hGWMfHVtcZf9s3OgFlJQAppU2k9WkcvChnpVIu9CIGFEz9Missxcx7q/213VDHIQSwQjPWDhECcwqjP4pUyq3EtXI5VGWeFPz4Jwk0EuhLKjWsenMz/RXhAuEBWsFH+ZH0uCir0QT5h4wZvvgaREAlTOEc5LjHbMeMyNihMiPmFVaa/DfZH9ruhjwOXA98+87ZvZ3H5RWJo9YImxcQiHUO42GX/zw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR16MB4798
X-MS-Exchange-Organization-ExpirationStartTime: 25 Apr 2023 11:42:17.0236
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 1764f0fe-ab7a-4a19-0e1e-08db45821ef1
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: c46ce6e7-07eb-47f8-bf5f-8e08aeb203b9:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
 HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource:
 HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs:
 ea4470d9-1503-489c-1aeb-08db45821c5a
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Antispam: BCL:1;
X-Forefront-Antispam-Report:
 CIP:40.107.93.80;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:NAM10-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam10on2080.outbound.protection.outlook.com;CAT:NONE;SFS:;DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2023 11:42:16.2424
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1764f0fe-ab7a-4a19-0e1e-08db45821ef1
X-MS-Exchange-CrossTenant-Id: c46ce6e7-07eb-47f8-bf5f-8e08aeb203b9
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5ba90553-c2cd-460e-b5fd-ab93ad9155c7;Ip=[52.188.222.33];Helo=[accountprotection.microsoft.com]
X-MS-Exchange-CrossTenant-AuthSource:
 HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR08MB7537
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.3567732
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6319.034
X-Microsoft-Antispam-Mailbox-Delivery:
	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097);
X-Microsoft-Antispam-Message-Info:
	=?us-ascii?Q?WpH2uBAuiRLQ3t9BxOxPY31RDWsfl0Hy7boxiLlVBWCKY993hRm6a8/O0jLX?=
 =?us-ascii?Q?cEb6b6BKDJ59mUHoffo5QVHUN8RXB0D5AQ1N4jleWuGbTAJ1/NapFhugD6br?=
 =?us-ascii?Q?wMICFAHDUenoS8xOOxnUn2awLkDNQQEn0SEZS5coPNhRRxFDD7K0BX3Toz/5?=
 =?us-ascii?Q?8Gg6mwrIx6/81jxuC+ojjgOX/G7LeMphAdWLOZckvPbmhutjwW0qteaVEhAJ?=
 =?us-ascii?Q?rTq/H0P5kB+2wHo/T/oxz+HGbYSzW+M8QP7gpgMfEegdOvxDZUc7p/4q/off?=
 =?us-ascii?Q?fJDx2nYu4goapUP6ginVvpk0KqdWgy6sxscnQG5/KYPC2ubRKSAoPS+HkaaI?=
 =?us-ascii?Q?7XSCLrOk9UJokSkqWSieh1TxlSSo8yjQyRJBhJo/MT0YXKrNUiXk7tvwTRmb?=
 =?us-ascii?Q?vsS9rgJ+sAeAqaNZI6JHWz1ERoxeJF7sry8iDfN2z/kUPQOo1YfHHqOYvs6p?=
 =?us-ascii?Q?k2sbHcG8t8pew+u6s1+HI4pOvHhwVhenuG7Oase/1AB2r2PMKUTnx5SDQH4G?=
 =?us-ascii?Q?YpfCtZGxpw1fDvMWmNlM3n9gNGze3pcphDChgpfKsYdXUQcwv8yiMX3onNTu?=
 =?us-ascii?Q?9BsfSfgIqaUjp2jz/3atIvGPNn8p0oOwR19m6JH79yBvyvUAU5QZu5xnKtHM?=
 =?us-ascii?Q?6ZmAOjplCeJWaPXGTxuMP1GrXjrNHCXPypnE5f5zg4RzvrnL+WyE2f6siSCT?=
 =?us-ascii?Q?8WlYa6GeIuJycU0LOiLIm4KZboVOhaMB15l0BwXkV6t2gBQiU8qSqeU4gMF6?=
 =?us-ascii?Q?iMTsLXV04cU+9e82PpouernSHxaH3ZJB2amxjYM78wolRqlm11SdrQdYRGps?=
 =?us-ascii?Q?EU01FHj7osOpKDICzAhjo5ox7ok7LD2xG+n3AZ61lrBFyxRJXSw0BIdE6dn8?=
 =?us-ascii?Q?irNU2MjHN1oXY0xqvVm0H0p61+JfhvVKKShmSxUT96FFEXlSNnsNa4KJegmU?=
 =?us-ascii?Q?nBZk7DmP1leNaObe3ECyqEqCHgBl7FPvIGYyCERLOjWbD3C7Rsl1OxrPTBh2?=
 =?us-ascii?Q?XrWZLWUI/f6mF6mPdiebOdyB7aBROuiiCw+i82rNU6ZhEPVLWzvOeZJFv5+i?=
 =?us-ascii?Q?xcwJHuy+qrGoQD46ijh+xm4QONpe0vMTzPze6CBT7KvhQ4pKTs05/topmN7e?=
 =?us-ascii?Q?Az0n+F3R1i4WijWT88zHrUwlnXjbT0Qz3uIwElr41AL5ecrlkMqXV42jam/E?=
 =?us-ascii?Q?PAs4qxsHrpo5NGWMt7A9COPh74O36nsVqGzy8tOTY0c8Rp2c/cHPrun1oMRy?=
 =?us-ascii?Q?QkXmy6n8QV/bSSM4xvv/VtNn+dtOOzQdZbjYASjYu/Pn3881YrlgnDs6M7+l?=
 =?us-ascii?Q?YOnTk1vOGTOnnSuqtw6Dvev8kCQwYOaZHPWDTb68RVrjbXtWvsZvedX4D3/k?=
 =?us-ascii?Q?31y8/9pCwXkViBeUrsTnuzF4/ds5ysVcBgciG98iMW8WXhSAD8S9BFagDxXx?=
 =?us-ascii?Q?gt6oFfbsdUEsF19LA0n3DvKTsgFy4PTqZ6qJtSVJemjJzCndf6gHLIlD1rja?=
 =?us-ascii?Q?Ey/C02gwO0oA44gcaPWRdkKPObPFlX/9RYHPvDwxDWJAs1tRoI39yS+tXtgt?=
 =?us-ascii?Q?49LoyonitTEtE4gsFzXqhR+EwFzI9oxdeewHaglxF8erCAJiJ6xHtwctIUWZ?=
 =?us-ascii?Q?noLFjlRCh3Ar5s+uN9SZbCNirNK7HX8Qe2vIkXzHJ7NuC33mmB5tZwonrgcG?=
 =?us-ascii?Q?tJnv8HrJYcmMVokWLU38D2xVhzC3x9SbdGAWC/ErGr0zRzGKsf9RuNTmC3nR?=
 =?us-ascii?Q?qHizYds0jHdia1NT8/gG88yH5OMRqc0IeJfS4i63usGL/qoM6Qipp8rkc522?=
 =?us-ascii?Q?esFiFqR/y1Ffpw=3D=3D?=
Geen vuiltje aan de lucht dus, én https://go.microsoft.com/fwlink/?LinkId=2086738 gaat weldegelijk over retentiebeleid van inactieve accounts...
Computer(k)nul
Gebruikersavatar
Sasuke
userbase crew
userbase crew
Berichten: 5751
Lid geworden op: 13 aug 2003, 20:25
Locatie: Vlaanderen
Uitgedeelde bedankjes: 250 keer
Bedankt: 550 keer
Provider
Te Koop forum

Hmm, toch een vreemde. Nu, aan de headers lijkt het alsof iemand een hoop Exchange headers heeft geinjecteerd om het bericht te laten markeren als safe, want transport gewijze is dit via SMTP binnengekomen op 'een' MS tenant en dan cross-tenant doorgestuurd naar jullie tenant. Die link is inderdaad legitiem, maar dat is hoe (spear)phishing te werk gaat natuurlijk.

Zulke zaken kunnen een voorbode zijn van een effectieve aanval hé ... eerst even zo, daarna dezelfde mails mét de attachment nadat er al een vals gevoel van veiligheid werd gecreëerd.

OF ... en ik heb zulke mails nooit gekregen, maar na het lezen van de link zou het wel kunnen ... Als er ook 'Microsoft Accounts' zijn gemaakt geweest (dat gebeurd soms auto ... heb ik gemerkt bij tenant cleanups vooral ...) dan zal de mail gaan over die Microsoft Account (!= M365 Account)
Who the fxxk is General Failure and why is he reading my hard disk ?
Afbeelding
Gebruikersavatar
Sinna
Elite Poster
Elite Poster
Berichten: 3253
Lid geworden op: 14 nov 2008, 08:22
Twitter: KrSi78
Locatie: Brugge
Uitgedeelde bedankjes: 342 keer
Bedankt: 230 keer
Recent bedankt: 2 keer
Contacteer:
Provider
Te Koop forum

Gelukkig zijn mijn collega's (nog) zo alert om mij die verdachte mailtjes door te sturen ipv. zelf meteen aan de slag te gaan.

Even gecontroleerd en inderdaad: er bestaat ook een persoonlijke Microsoft-account met dat email-adres... Weird!
Computer(k)nul
Plaats reactie

Terug naar “Software en apps”