Pagina 1 van 1
"Your account is set to close on" voor gedeelde Exchange Online mailbox
Geplaatst: 25 apr 2023, 14:11
door Sinna
Eén van mijn collega's attendeerde mij net op een melding afkomstig van
[email protected] waarin aangegeven wordt dat de account wegens inactiviteit afgesloten zou worden. De koppeling in het bericht is legitiem en verwijst naar
https://go.microsoft.com/fwlink/?LinkId=2086738. Dit lijkt mij dus geen scam/phish/...
Ik heb op de Exchange-omgeving gekeken wanneer de laatste logon was en die is van vandaag. Vanwaar die melding komt is mij dus een raadsel.
Ik vermoed dat ik dit bericht verticaal mag klasseren, maar hoor toch graag even of er hier op het forum andere gebruikers zijn die iets gelijkaardigs meegemaakt hebben.
Re: "Your account is set to close on" voor gedeelde Exchange Online mailbox
Geplaatst: 25 apr 2023, 14:56
door Sasuke
Das een gekende SCAM .. die mail komt zeker niet van dat adres (zie de headers) en de bedoeling is dat je de attachment opent (zeker niet doen). Vertikaal klasseren dus.
Microsoft stuurt dergelijke mails niet/nooit.
Re: "Your account is set to close on" voor gedeelde Exchange Online mailbox
Geplaatst: 25 apr 2023, 16:08
door Sinna
Dat dacht ik al. Er waren in dit geval geen bijlages gestuurd en de headers lijken mij legitiem (enkel doeldomein en doeladres
redacted):
Code: Selecteer alles
Received: from AS1PR08MB7537.eurprd08.prod.outlook.com (2603:10a6:20b:481::12)
by AM0PR08MB2963.eurprd08.prod.outlook.com with HTTPS; Tue, 25 Apr 2023
11:42:18 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=JCCqyTleHm1hSVRcmPersR4RmAXmAyyo4JPfGw5XkB4zEdPmVrAsBqoFxWiOfcjC0STp3MtKXl2Atj7PuJ4foJmmG6oPmjZbW+nzr7Srv8EGEKW2XT06T/Cwgyx0cFdcpaSAAc3mlcHXbRwlDfg6PSadkuRc9JNxgkPx8tpl3KchBP9iB8d9uYsCr+l3bxLFu3dYlSdpdnA2aBnytSl2fOvMkPDCVAuByK9ShWKS6ad7Ti2p3T71m0ODaR5OIARKZ6YwJvvEv/3DsR4HaX7zR6iz/u+lypT3o8wtmn1qUHm5R/LHRBzpy49+xqZRSvJV67xzeWuBPaJfCfjP0ncEzw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Hu7luerJhAUv/aSkV593pwpwscR67G0es2WGhdenDdw=;
b=Evhib5yNOlIrAduU/XwKHeKq9S8J0Aq7bnVhqqCtmxt1WYcuYZ4ob5lbZQ79XT1rCbkLh1ELcFbj/YXVOxWFi4ptkSaNx/H6ZTxGmt1kaAzvbVZl3SEme9SJTyoFyurd3bzfnbFTpMu4a7RDpHQLRckAhrO2k9tQL/bgylMRLmI99gFxRnFYcgeuXqfgHd35ETNkGm4Va3VyHpOMXGep164ElEZXjyLUPipDz7x4Boa/O+5uFa0eyTw/9AkRQgSKHiT10hIKgadb+CDBNi03MBVgQBH/7zAaXZKLFal8VqmEBkeccfyQPenKhLCx+JYa2VMdeprH7dcqrAOlVE3XRQ==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.93.80) smtp.rcpttodomain=***
smtp.mailfrom=accountprotection.microsoft.com; dmarc=pass (p=reject sp=reject
pct=100) action=none header.from=accountprotection.microsoft.com; dkim=pass
(signature was verified) header.d=accountprotection.microsoft.com; arc=pass
(0 oda=0 ltdi=1)
Received: from GV3P280CA0091.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:8::25) by
AS1PR08MB7537.eurprd08.prod.outlook.com (2603:10a6:20b:481::12) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.21; Tue, 25 Apr
2023 11:42:17 +0000
Received: from HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
(2603:10a6:150:8:cafe::fd) by GV3P280CA0091.outlook.office365.com
(2603:10a6:150:8::25) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend
Transport; Tue, 25 Apr 2023 11:42:17 +0000
Authentication-Results: spf=pass (sender IP is 40.107.93.80)
smtp.mailfrom=accountprotection.microsoft.com; dkim=pass (signature was
verified) header.d=accountprotection.microsoft.com;dmarc=pass action=none
header.from=accountprotection.microsoft.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of
accountprotection.microsoft.com designates 40.107.93.80 as permitted sender)
receiver=protection.outlook.com; client-ip=40.107.93.80;
helo=NAM10-DM6-obe.outbound.protection.outlook.com; pr=C
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (40.107.93.80) by
HE1EUR04FT030.mail.protection.outlook.com (10.152.27.33) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 11:42:16 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=OHg5Pf187ql/lw/24jQ37prPskAaUMzlpc7UyAJlmdKddJK7sACXV6V4iQ2k1+8YYPE5XgkTSe6qvjB7I2CC4tvsLChg6BA4rTYCE7vM3P9zanoVbKvvCWCIY14+AzLdvuPjq4YnIm9HIwzPisMLctD3mu/jQgZnxcHyB77lKrnetWf+wdgSE1fkVXtddjI0XUX5hgNDJ/EVJP6+Lt9iyPlZYIl2Lg54cIGKz39iQQfxlxG3tu3mE0hfrR0UXnj3iJGFkNtiKxu2R4ztOQ1uIJtBZpsWMyDDixtEWvuQ3hh4oA6Mj8deP9u1OxgTjEA89mCFSqdYVyZdTBSUkLE4og==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Hu7luerJhAUv/aSkV593pwpwscR67G0es2WGhdenDdw=;
b=aTKJwCjjxCnrnGkpf9vf7U0P/pJ6Sr2fDhyfXcdBjSTUiRKvBbZnO4dN1AQcHf3qOsWXIJU6V0kjiVJO+GdnRkYYjtIxPWMzu+LhgzQuPG/olHK7k8ZDZhafSkAGu8PzsK30F4bfIYPvlJvns4GII+PhKEoMa3hZl/RwKhP24a31fSp5RT7QqtLhBwdx7LRKE+G/qbz4RDRmitrXMgP7PYgnlABJjLKlEVBz3Z9xpZTcm5Ds45nUaRCLuTZ0gfBbRJ1n7Lx/K/rQPOyYA5zmWLr3I5et0zfJYP+DXa5JH/650lQa1RWdTjiyJE4ez16yjxYB8fiD0cSLGf0pYq3OfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none
action=none header.from=accountprotection.microsoft.com; dkim=none (message
not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=accountprotection.microsoft.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Hu7luerJhAUv/aSkV593pwpwscR67G0es2WGhdenDdw=;
b=SZ2SlozV22M6hXXF+sXcyh+hbiOwJvM+wm5+Bql2SxGTNOuJ6t2s5ak9MRBsTjzPvafPUr8biFEv53fyeprjLUfHTucujqmyFtalUZ9XCDDECDXDzUv6Iw2ghvApvHnoG5tszHiy763ufrdkMVvxnl9bI0L5qURpV0gFttH40Ng=
Received: from BN9PR03CA0448.namprd03.prod.outlook.com (2603:10b6:408:113::33)
by SJ0PR16MB4798.namprd16.prod.outlook.com (2603:10b6:a03:42e::7) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34; Tue, 25 Apr
2023 11:42:13 +0000
Received: from BN8NAM11FT084.eop-nam11.prod.protection.outlook.com
(2603:10b6:408:113:cafe::b5) by BN9PR03CA0448.outlook.office365.com
(2603:10b6:408:113::33) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend
Transport; Tue, 25 Apr 2023 11:42:12 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 52.188.222.33)
smtp.mailfrom=accountprotection.microsoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none
header.from=accountprotection.microsoft.com;
Received: from accountprotection.microsoft.com (52.188.222.33) by
BN8NAM11FT084.mail.protection.outlook.com (10.13.176.169) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 11:42:12 +0000
From: Microsoft account team
<[email protected]>
Date: Tue, 25 Apr 2023 04:42:12 -0700
Subject: Microsoft account security notification
To: ***
X-Priority: 3
X-MSAPipeline: MessageDispatcherEOP
Message-ID: <CQI0LJRWRJU4.M1RR4OHZU44J3@BL02EPF000016EA>
X-MSAMetaData:
=?us-ascii?q?DetKltENjxm2VTyJgfgTVESThh6W2kZZHbkez1B4hsJ8!9wv5k92C8y6jqVek?=
=?us-ascii?q?8rc7eg*zlpJVefdTGEzNQxyEr5c*8abvdPhNle7G*nMAAVdKhZS4emK09HPxg?=
=?us-ascii?q?26eJm3vQ$$?=
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-NDlIrp203CIlyc2dcPs7sQ=="
Return-Path: [email protected]
X-MS-TrafficTypeDiagnostic:
BN8NAM11FT084:EE_FirstParty-MicrosoftAccount-V3-System|SJ0PR16MB4798:EE_FirstParty-MicrosoftAccount-V3-System|HE1EUR04FT030:EE_|AS1PR08MB7537:EE_|AM0PR08MB2963:EE_
X-MS-Office365-Filtering-Correlation-Id: 1764f0fe-ab7a-4a19-0e1e-08db45821ef1
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
/2eOFOJ5OhZ+2QW8XAMYkZ0au7ChMHLgabwOVc5wR5vCkegfskvpteS2gQryo76i/+nrAF5mhFzj1X3ofshJ19bv/BR5/Yp9x2FGBb9oyGwSmaKIRcPnMdLem9sZGCSSD0it1BuzCMW6pvyipsqcW55cnkPyMTs6p8YgPZAFS5TiSEvxlniI6trmP4lQSz8IOPPyN48JwJhRDw0uxUB1AyxHhmmrVsswP3dnftJUaSuB5JwEczko17uOMTqws1gx1sjqOvFtYP2Dr+sZy6jgvs0jVPN6LUIi8HgdBhzjm9Lwci/1pg0xIx0EcggiHCd/NhZU8DKe/NpFP566ZaTnA78XteoIVxDGMBSzushnZnP0qL/o9iBoazNexfpWiVX7RcEJlD7XFROHV2zhlj3NJOOJK1nUp4mN5htF2GjR8rwIvWstSA/PswziLTVDVs2W26KX76Ce7Z1DuPeej0PpvNC5J8T0W9b35/uQg1hRp1eQb/W8KvGuGsuVcojnh+ZSoVVsf97lk4GxKRFO14ChD3tzHIYtLwY0I/RjYfL5QhVzL5rARZHSK7PbP7bzC/ZM/vHnjdHIn80ZN0g9yrXM8LfFIiNHxnijdeJ5Cr9wWffS5T+0Ozw6yilGOeiYqtlXXAiuCUBzV3GyRdLKrAy1Wp5vO0TY6A42ZXE+L6gYxlk3/U7eq8F5nkPTLefMy97NKPqlpRsXjlzOi1SqIHNHWuAq1a7EiB9qcwizxaZqlmf33PYNu+vK76qiGtDNwBd6PB/DSpHXihyIu6RMJnWa1Q==
X-Forefront-Antispam-Report-Untrusted:
CIP:52.188.222.33;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:accountprotection.microsoft.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(7916004)(396003)(376002)(136003)(346002)(39860400002)(42606007)(47530400004)(47690400004)(451199021)(66899021)(478600001)(10290500003)(9316004)(5660300002)(8936002)(8676002)(2906002)(118246002)(33716001)(86362001)(33656002)(15650500001)(166002)(68406010)(6916009)(316002)(36736006)(356005)(41300700001)(81166007)(3480700007)(336012)(966005)(186003)(52230400001)(956004)(121820200001)(9686003)(6512007)(26005)(33964004)(83380400001)(6486002)(135563018)(51984009)(459424003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0:
S8qfO2kREhCSEwce+Xs5SvB+TsKWMKBiyVttGm0TJ7qDF09jdfn+mVSfeTdYZOj1cbZD6Bku/EB2vES0Lmo/Tmi7hWku8RvX59Ne01W7EfJz/jRtkxiIiVGSyIr67mb+czGbiFkE/mE2ACjHNXUy5zwSYn1+FxHRz87FT+GreRdCy00i/xzfIeBbFzmPsExkmGZbOrKN8SG19p13eVv5L+CexsBfzvxfHo3gbBmUfQTJ3naqWSMfh7eDX1SetLF+fdHCDyjOd5FJQvGi5oVQKFXSxzDSExmygKX88H3Pc8C/axNx9HwCEKyE0hGWMfHVtcZf9s3OgFlJQAppU2k9WkcvChnpVIu9CIGFEz9Missxcx7q/213VDHIQSwQjPWDhECcwqjP4pUyq3EtXI5VGWeFPz4Jwk0EuhLKjWsenMz/RXhAuEBWsFH+ZH0uCir0QT5h4wZvvgaREAlTOEc5LjHbMeMyNihMiPmFVaa/DfZH9ruhjwOXA98+87ZvZ3H5RWJo9YImxcQiHUO42GX/zw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR16MB4798
X-MS-Exchange-Organization-ExpirationStartTime: 25 Apr 2023 11:42:17.0236
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
1764f0fe-ab7a-4a19-0e1e-08db45821ef1
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: c46ce6e7-07eb-47f8-bf5f-8e08aeb203b9:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource:
HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs:
ea4470d9-1503-489c-1aeb-08db45821c5a
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Antispam: BCL:1;
X-Forefront-Antispam-Report:
CIP:40.107.93.80;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:NAM10-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam10on2080.outbound.protection.outlook.com;CAT:NONE;SFS:;DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2023 11:42:16.2424
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1764f0fe-ab7a-4a19-0e1e-08db45821ef1
X-MS-Exchange-CrossTenant-Id: c46ce6e7-07eb-47f8-bf5f-8e08aeb203b9
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5ba90553-c2cd-460e-b5fd-ab93ad9155c7;Ip=[52.188.222.33];Helo=[accountprotection.microsoft.com]
X-MS-Exchange-CrossTenant-AuthSource:
HE1EUR04FT030.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR08MB7537
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.3567732
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6319.034
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097);
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?WpH2uBAuiRLQ3t9BxOxPY31RDWsfl0Hy7boxiLlVBWCKY993hRm6a8/O0jLX?=
=?us-ascii?Q?cEb6b6BKDJ59mUHoffo5QVHUN8RXB0D5AQ1N4jleWuGbTAJ1/NapFhugD6br?=
=?us-ascii?Q?wMICFAHDUenoS8xOOxnUn2awLkDNQQEn0SEZS5coPNhRRxFDD7K0BX3Toz/5?=
=?us-ascii?Q?8Gg6mwrIx6/81jxuC+ojjgOX/G7LeMphAdWLOZckvPbmhutjwW0qteaVEhAJ?=
=?us-ascii?Q?rTq/H0P5kB+2wHo/T/oxz+HGbYSzW+M8QP7gpgMfEegdOvxDZUc7p/4q/off?=
=?us-ascii?Q?fJDx2nYu4goapUP6ginVvpk0KqdWgy6sxscnQG5/KYPC2ubRKSAoPS+HkaaI?=
=?us-ascii?Q?7XSCLrOk9UJokSkqWSieh1TxlSSo8yjQyRJBhJo/MT0YXKrNUiXk7tvwTRmb?=
=?us-ascii?Q?vsS9rgJ+sAeAqaNZI6JHWz1ERoxeJF7sry8iDfN2z/kUPQOo1YfHHqOYvs6p?=
=?us-ascii?Q?k2sbHcG8t8pew+u6s1+HI4pOvHhwVhenuG7Oase/1AB2r2PMKUTnx5SDQH4G?=
=?us-ascii?Q?YpfCtZGxpw1fDvMWmNlM3n9gNGze3pcphDChgpfKsYdXUQcwv8yiMX3onNTu?=
=?us-ascii?Q?9BsfSfgIqaUjp2jz/3atIvGPNn8p0oOwR19m6JH79yBvyvUAU5QZu5xnKtHM?=
=?us-ascii?Q?6ZmAOjplCeJWaPXGTxuMP1GrXjrNHCXPypnE5f5zg4RzvrnL+WyE2f6siSCT?=
=?us-ascii?Q?8WlYa6GeIuJycU0LOiLIm4KZboVOhaMB15l0BwXkV6t2gBQiU8qSqeU4gMF6?=
=?us-ascii?Q?iMTsLXV04cU+9e82PpouernSHxaH3ZJB2amxjYM78wolRqlm11SdrQdYRGps?=
=?us-ascii?Q?EU01FHj7osOpKDICzAhjo5ox7ok7LD2xG+n3AZ61lrBFyxRJXSw0BIdE6dn8?=
=?us-ascii?Q?irNU2MjHN1oXY0xqvVm0H0p61+JfhvVKKShmSxUT96FFEXlSNnsNa4KJegmU?=
=?us-ascii?Q?nBZk7DmP1leNaObe3ECyqEqCHgBl7FPvIGYyCERLOjWbD3C7Rsl1OxrPTBh2?=
=?us-ascii?Q?XrWZLWUI/f6mF6mPdiebOdyB7aBROuiiCw+i82rNU6ZhEPVLWzvOeZJFv5+i?=
=?us-ascii?Q?xcwJHuy+qrGoQD46ijh+xm4QONpe0vMTzPze6CBT7KvhQ4pKTs05/topmN7e?=
=?us-ascii?Q?Az0n+F3R1i4WijWT88zHrUwlnXjbT0Qz3uIwElr41AL5ecrlkMqXV42jam/E?=
=?us-ascii?Q?PAs4qxsHrpo5NGWMt7A9COPh74O36nsVqGzy8tOTY0c8Rp2c/cHPrun1oMRy?=
=?us-ascii?Q?QkXmy6n8QV/bSSM4xvv/VtNn+dtOOzQdZbjYASjYu/Pn3881YrlgnDs6M7+l?=
=?us-ascii?Q?YOnTk1vOGTOnnSuqtw6Dvev8kCQwYOaZHPWDTb68RVrjbXtWvsZvedX4D3/k?=
=?us-ascii?Q?31y8/9pCwXkViBeUrsTnuzF4/ds5ysVcBgciG98iMW8WXhSAD8S9BFagDxXx?=
=?us-ascii?Q?gt6oFfbsdUEsF19LA0n3DvKTsgFy4PTqZ6qJtSVJemjJzCndf6gHLIlD1rja?=
=?us-ascii?Q?Ey/C02gwO0oA44gcaPWRdkKPObPFlX/9RYHPvDwxDWJAs1tRoI39yS+tXtgt?=
=?us-ascii?Q?49LoyonitTEtE4gsFzXqhR+EwFzI9oxdeewHaglxF8erCAJiJ6xHtwctIUWZ?=
=?us-ascii?Q?noLFjlRCh3Ar5s+uN9SZbCNirNK7HX8Qe2vIkXzHJ7NuC33mmB5tZwonrgcG?=
=?us-ascii?Q?tJnv8HrJYcmMVokWLU38D2xVhzC3x9SbdGAWC/ErGr0zRzGKsf9RuNTmC3nR?=
=?us-ascii?Q?qHizYds0jHdia1NT8/gG88yH5OMRqc0IeJfS4i63usGL/qoM6Qipp8rkc522?=
=?us-ascii?Q?esFiFqR/y1Ffpw=3D=3D?=
Geen vuiltje aan de lucht dus, én
https://go.microsoft.com/fwlink/?LinkId=2086738 gaat weldegelijk over retentiebeleid van inactieve accounts...
Re: "Your account is set to close on" voor gedeelde Exchange Online mailbox
Geplaatst: 25 apr 2023, 16:17
door Sasuke
Hmm, toch een vreemde. Nu, aan de headers lijkt het alsof iemand een hoop Exchange headers heeft geinjecteerd om het bericht te laten markeren als safe, want transport gewijze is dit via SMTP binnengekomen op 'een' MS tenant en dan cross-tenant doorgestuurd naar jullie tenant. Die link is inderdaad legitiem, maar dat is hoe (spear)phishing te werk gaat natuurlijk.
Zulke zaken kunnen een voorbode zijn van een effectieve aanval hé ... eerst even zo, daarna dezelfde mails mét de attachment nadat er al een vals gevoel van veiligheid werd gecreëerd.
OF ... en ik heb zulke mails nooit gekregen, maar na het lezen van de link zou het wel kunnen ... Als er ook 'Microsoft Accounts' zijn gemaakt geweest (dat gebeurd soms auto ... heb ik gemerkt bij tenant cleanups vooral ...) dan zal de mail gaan over die Microsoft Account (!= M365 Account)
Re: "Your account is set to close on" voor gedeelde Exchange Online mailbox
Geplaatst: 25 apr 2023, 19:15
door Sinna
Gelukkig zijn mijn collega's (nog) zo alert om mij die verdachte mailtjes door te sturen ipv. zelf meteen aan de slag te gaan.
Even gecontroleerd en inderdaad: er bestaat ook een persoonlijke Microsoft-account met dat email-adres... Weird!