First of all, I'm new to cybersecurity and I'm new in this sub.
Our company is facing a high throughput of phishing mails from *outlook.com & *hotmail.com. Our Security Email Gateway is a FortiMail, which normally works fine. I saw a lot of help through Google, but they always affect the internal domain address spoofing. Like “Oh, an important email from my Boss Mr. X” *click* (the gateway will compare the email header with the name of the boss), but this doesn’t fit external senders.
I also can't blacklist these 2 domains because serious mails also come from them sometimes.
Greylisting also didn’t work; a phishing mail was sent again 15 min later. Maybe greylisting is also kinda outdated.
The full phishing addresses look like [email protected]*. Addresses are changing, IPs are changing, and content also. It's really annoying, and it's just a matter of time until a co-worker *clicks* and enters credentials.
Maybe some of you guys can give me advice. Greetings.
Additional info: 80% of the phishing mails go to inactive accounts (reject); however… the other 20% address active accounts.