One of my organization's users just showed us an interesting problem: every message they tried to send (in OWA 365) contained the following scary text:

Your mailbox has exceeded one or more size limits set by your administrator. Your mailbox size is 1098957 KB. Mailbox size limits: You will receive a warning when your mailbox reaches 900000 KB.You may not be able to send or receive new mail until you reduce your mailbox size. To make more space available, Login Here to reduce your mailbox size. See client Help for more information.

Help Desk.

We discovered that this common phishing message had been saved as the default signature (formatted text). It may have happened when checking mail on 3rd party computers while out of office. Their workstation shows no sign of infection.

Has anyone heard of Outlook signatures being used as an attack vector? My Google searches are coming up empty. It's possible that this was just a bizarre copy & paste mistake by the user rather than an intentional attack.


1 Answer


Infection is not the likely intrusion vector: it was likely that the account was compromised.

The user's passwords should be changed right away and the account inspected to see if other accounts have been linked, etc.

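An added example, not part of the original answer: one way an Exchange Online administrator could carry out the inspection suggested above, reading back the OWA signature and also checking forwarding settings and inbox rules that can outlive a password change. It assumes the ExchangeOnlineManagement module and an existing `Connect-ExchangeOnline` session; the function names, the pattern list and the sample signature are hypothetical and constructed for illustration.

```powershell
# Added example: read-only triage of one mailbox after a suspected account compromise.
# Assumes an existing Connect-ExchangeOnline session (ExchangeOnlineManagement module).

# Hypothetical heuristic: phrases taken from the message quoted in the question,
# plus any hyperlink. The hyperlink pattern is noisy (legitimate signatures often
# contain links), so treat a hit as "needs review", not as proof.
$LurePatterns = @(
    'exceeded one or more size limits',
    'reduce your mailbox size',
    'Login Here',
    '<a\s[^>]*href\s*='
)

function Test-SignatureSuspicious {
    param([AllowNull()][AllowEmptyString()][string]$Signature)
    if ([string]::IsNullOrWhiteSpace($Signature)) { return $false }
    foreach ($pattern in $LurePatterns) {
        if ($Signature -match $pattern) { return $true }   # -match is case-insensitive
    }
    return $false
}

function Get-MailboxTamperReport {
    param([Parameter(Mandatory)][string]$Identity)

    $cfg   = Get-MailboxMessageConfiguration -Identity $Identity   # OWA signature settings
    $mbx   = Get-Mailbox -Identity $Identity                       # mailbox-level forwarding
    $rules = Get-InboxRule -Mailbox $Identity | Where-Object {
        $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage
    }

    [pscustomobject]@{
        Mailbox               = $Identity
        AutoAddSignature      = $cfg.AutoAddSignature
        SignatureSuspicious   = (Test-SignatureSuspicious $cfg.SignatureHtml) -or
                                (Test-SignatureSuspicious $cfg.SignatureText)
        ForwardingSmtpAddress = $mbx.ForwardingSmtpAddress
        ForwardingAddress     = $mbx.ForwardingAddress
        RiskyInboxRules       = @($rules | Select-Object -ExpandProperty Name)
    }
}

# Offline check of the heuristic against a constructed sample signature.
$sample = '<p>To make more space available, <a href="https://example.invalid/">Login Here</a></p>'
Test-SignatureSuspicious $sample

# Live use against a tenant (placeholder address):
# Get-MailboxTamperReport -Identity 'user@example.com'
```

Any non-empty forwarding field or rule name in the report should be confirmed with the mailbox owner before it is left in place.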