Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
1
Replies

received Spam Quarantine Notification with malicious url

peter-forum-21
Level 1
Level 1

‎12-10-2023 04:24 AM - edited ‎12-10-2023 04:25 AM

Hello,

there is a C195 with OS 14.2.3-031 (not sure since when this version is installed)
and around 30-80 Users receive a 
Spam Quarantine Notification
with unfamilar url (linked to OWA phishing) at button:
View Quarantine
Release

(it arrived from a external unfamilar SMTP Server)
Inside the report: it contained a sender and a reference line which is real business-case
ESA doens´t marked it as dangerous and transported it to end-user.
The Destination URL was linked to a unfamilar Website asking for OWA credentials. 

Question:  Did you ever heard of such problem, do you think that this is in connection with CVE ?

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎12-10-2023 05:19 AM

Sounds like it was just a well crafted phishing attempt that got through the system.
0 Helpful
Customers Also Viewed These Support Documents