Jump to content


Phishing from Legitimate addresses

Phishing Scam

  • Please log in to reply
1 reply to this topic

#1 santoroca

  • Members
  • 1 posts

Posted 06 June 2018 - 08:29 AM

We have been plagued with e-mail attempting to get my end-users to click on a link to upgrade their e-mail accounts.  These come in in batches with slightly different verbiage in each round the link in the e-mail stays the same but the hyperlink text changes.


The link associated with the hyperlink is: http://web-mail.account-rewe0015.tripod.com/owa/


How can I stop this?


Most recent e-mail body:


To All Employees\Staff,
Take note of this important update that our new web mail has been improved 
with a new messaging system from Owa/outlook which also include faster usage on email, 
shared calendar,web-documents and the new 2018 anti-spam version.
Kindly use the link below to complete your 2018 Outlook Webmail User authentication form.
CLICK on Outlook Web Access to update immediately.
IT Service Desk Support


#2 Josh

  • Members
  • 5 posts
  • LocationMassachusetts, USA

Posted 14 January 2019 - 10:32 AM

You could create a Message Content Filter Under, [Inbound Settings]  =>[Content Policies]  then pop the URL in there with the action Block or Quarantine and scan on Body/Attachment.