Recent content by Stecyk

To answer your question directly: I have a free Microsoft account linked in Accounts. In addition to the free Microsoft account, I have two enterprise E-3 accounts. One is for me, and I created the other for our small group working on a project.

Thank you, Bruce.

Steve and @garlin, thank you for letting me know that Microsoft deprecated that feature.

After applying encrypted DNS to Windows 11, I am applied Encrypted DNS to my Edge Browser. While doing so, I noticed that the Microsoft Secure Network is grayed out and unable to be altered. Reading up on the Microsoft Secure Network, it appears that it is much like Encrypted DNS. Is that...

I am providing an update for everyone who contributed to this thread. While working through the logs, we discovered that the hacker had installed malware in our tenant called PERFECTDATA SOFTWARE. It used all caps, so I am repeating it. The software was installed a few weeks prior to the mass...

No, I just got rid of the email. I reported it Microsoft and went on with my day. The faster I got rid of it, the better.

No, It appeared to be a document "RFP -- Our Organization Name -- Immediate Review Required" or something like that. RFP, of course, means request for proposal. And when I clicked on the "encrypted document," my browser took me to a malicious website where Norton shut things down. So I just...

Thank you for your comment, Russ. I have a slightly different theory. The hacker stored the emails in the Conversations folder for two reasons: He did not want the user to lose his email but also did not want the user to see the emails immediately After spamming others, he did not want the...

Yes, hacker had access to the emails. He also sent out spam emails to 265 people in the user's contact list.

The email was delivered to him, just not in its usual location. The hacker created an Outlook or Exchange rule to place the emails in "Conversations" or something. To be honest, I am not completely clear on what happened. The user complained he was not able to get email. I verified through mail...

@neemobeer After I ran the query, I found that the hacker spent most or all of its time with the email. And I see where it created a new email rule. Interesting stuff.

That's a great idea to follow up. This person is not a sophisticated user. I believe he is using Edge browser on a Mac when working on this project. The fact that the problem ceased seems to indicate that it was a one-time hit. Of course, I am not positive that is the case.

@neemobeer I followed the link you provided in your recent reply. I have begun a small audit to see what more I can learn. There are so many activities to investigate. I chose the following: There is one thing I just remembered that I haven't mentioned before. After we unblocked and provided...

You could very well be right. Why was he chosen? Was he the only one chosen? I don't know the answer to either of those questions. As of tonight, I began using an encrypted DNS. To be honest, I am not sure how an encrypted DNS would have helped in this situation. Using my naive understanding...

Looks like I found a kindred spirit on with skills in copy and paste. I doubt he clicked on any links. They had a meeting, which included a Teams meeting. I don't think he did a lot on the internet aside from that. If there was malware installed on his computer, then i would expect the...