Outlook Rule "delete it" Created on Multiple Computers

0

0

I'm a system administrator at a small university with about 150 full time staff.

In the past week, I've had two clients report that they're not getting any emails. On examination, we find that they are getting messages, but the messages are moved immediately to the trash. Both users are using Outlook 2010 connected to our exchange server. They may occasionally use OWA when accessing remotely.

We examined their message rules and found a rule entitled "delete it". The rule says

After the message arrives
Move it to the trash

Makes sense!

Finding this on one user's computer looked like a foolish user move (experimenting with rules) or a prank. Finding this on two accounts makes me suspicious of foul play.

Question: My googling has turned up few/no reports of this being a common situation. Am I seeing a new situation? Are there known phishing attempts that create this behavior?

Thanks!

SteadH

Posted 2014-10-10T17:41:00.953

Reputation: 133

Answers

1

Yeah, because TWO users couldn't possibly make the same silly mistake. ;)

Delete it, does it come back? If so, THEN worry about it.

And if it does come back, I'd suggest starting with checking for policies pushing out rules to the user before assuming there's a huge phishing ring out there determined to move peoples emails to their recycling bin (how would that help a phisher exactly?). :)

Ƭᴇcʜιᴇ007

Posted 2014-10-10T17:41:00.953

Reputation: 103 763

It does not come back, and I've had both users change their passwords just for fun. It definitely would not help the professional phisher. Thanks for the solid answer! – SteadH – 2014-10-10T22:03:28.723

Asked: 2014-10-10T17:41:00.953

Viewed: 166 times

Active: 2017-06-29T17:13:16.080