1

We had a few attacks in our organization where user credentials were stolen and were used to send emails from a compromised account to the rest of the organisation, with a malicious HTML attachment.

Is it possible to have HTML attachments blocked inside the organisation?

Allowing HTML attachments coming from outside but not allowing to send emails internally by staff with HTML attachments?

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
  • Yes it is possible. Maybe someone could say how if you explain how the mail system is configured in your organization (mail server(s), firewalls, mail relays, etc.) – Serge Ballesta Jul 31 '17 at 08:32
  • Is the malicious HTML attachments really a problem here, or that someone has access to an Office 365 account? This seems like a problem that could and should be solved by enabling and forcing MFA, instead. – Esa Jokinen Mar 18 '21 at 08:25

2 Answers2

0

Its seems like possible, according to Microsoft:

You can inspect email attachments in your organization by setting up transport rules. Exchange offers transport rules that provide the ability to examine email attachments as a part of your messaging security and compliance needs. When you inspect attachments, you can then take action on the messages that were inspected based on the content or characteristics of those attachments.

Check this link: Use mail flow rules to inspect message attachments

Soufiane Tahiri
  • 101
  • 2
-1

Sign up to Advanced Threat Protection (ATP) in office 365.

Block OWA login for finance team.

Use 2FA on office 365 to avoid compromised accounts from being setup in the first place.

Give users a security presentation.

At the moment you are getting away lightly, how long before your organisation is subject to phishing and a customer sends money owed to you to a bank account that is not yours?

I assumed that the compromised users have had their password changed?

Justin Cooper-Marsh
  • 27
  • 3