Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


xpd

xpd

Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

#239298 11-Jul-2018 10:02
Send private message

User on Office 365 for email, gets spammed with 7000+ emails – the usual porn, drugs stuff.  Most went into the Junk folder. User deletes them all, then after approx. 4+ days we get requested to investigate what happened. When checking the Office 365 admin control panel and the incoming email stats, theres no sign of those 7000 emails ever hitting Office 365.  User does not have multiple accounts or anything setup, just the single O365 email account.

 

I tried a recover deleted items, and only found a single spammy email.

 

So where the hell did these emails come from, and/or why did O365 not see them in its stats as incoming email ? Any ideas or things to check ? Users systems have been checked over and virus/malware free.

 

 





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 


Create new topic
Dynamic
3866 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2054278 11-Jul-2018 12:32
Send private message

Wow...  that's an odd one.  SOmone could have dragged and dropped the messages into his folders (unlikely) but that doesn't explain why they aren't in the dumpster.  It's possible that Mickeysoft had a failure and then cleaned it up but that's not necessarily likely either.

 

365 Audit logs are off by default from memory and only kept for 7 days, but maybe have a look in case I'm wrong.  I think these are in the Security & Compliance area.





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.




plas
453 posts

Ultimate Geek


  #2054330 11-Jul-2018 13:39
Send private message

Dynamic:

 

Wow...  that's an odd one.  SOmone could have dragged and dropped the messages into his folders (unlikely) but that doesn't explain why they aren't in the dumpster.  It's possible that Mickeysoft had a failure and then cleaned it up but that's not necessarily likely either.

 

365 Audit logs are off by default from memory and only kept for 7 days, but maybe have a look in case I'm wrong.  I think these are in the Security & Compliance area.

 

 

 

 

Pretty sure they are off by default, but they are kept longer than 7 days. Looking at mine they go back several months until the day we enabled auditing.

 

 

 

If they have retention policy enabled Security & Compliance you can use eDiscovery to dump the email box out as a csv, then look for the folder "\Recoverable Items\DiscoveryHolds". Depending on the policy config you can find a copy of hard deleted emails in here.


gbwelly
1243 posts

Uber Geek


  #2054333 11-Jul-2018 13:47
Send private message

If the messages were shift-deleted directly in the Junk container they wont be recoverable using recover deleted items on the deleted items container. Use MFC-Mapi (or 'dumpsteralwayson' registry key if it still works) to try and recover the deleted items in Junk. Consider a retention policy or litigation hold for more control in future. Are you using the exchange message trace function to search for them?










wazzageek
1093 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2054491 11-Jul-2018 18:21
Send private message

Just for confirmation, what was the mail client in use?  Was it Outlook on the Web, or the Outlook client?

 

I'll do a couple of checks in the next couple of hours, but I'm just wondering if the emails were "bcc'd" and thus not showing in the audits?

 

 


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.