
Cloud Office Security Detections

Solved by product_manager_8


The customer reports a growing number of malware detections in recent days in the security solution ESET Cloud Office Security. It reports emails being sent from the email account soporte@yumbolon.com, but this account is used to receive support emails, not to send them. The account is used with Spiceworks to receive support cases, and the case numbers generated are very different from the numbering used in the client's production environment. The customer changed the credentials of the account soporte@yumbolon.com, but it still continues to report sending emails.

The customer indicates that the polylon.com domain is not in use, but the MXTOOLBOX tool reports the same TXT record for both domains.

The customer is concerned that the protection may have decreased.





  • ESET Staff
  • Solution

Hi @jeifabdi, it is possible that someone is impersonating the "support" email but the real "from" address is actually different. If you have these emails in quarantine, go there, click on any one of them that says it's coming from "support", and once you're in the email's detail page, you will see a link that says "show headers". If you click that, you will see the email headers and you can compare whether the "sender" field and "return path" fields are the same. If they are completely different, even on a different domain, it is likely that somebody is trying to impersonate the support sender.


This topic is now closed to further replies.
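
The header comparison described in the solution above, as an added Python example that is not part of the original thread or ESET's own code: it parses the From and Return-Path headers of a message and reports whether their domains differ. The sample headers, the example.com / example.net domains and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def addr_domain(value):
    """Domain part of the first address in a header value ('' if none)."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def org_domain(domain):
    # Assumption: naive "last two labels" rule; real code should use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def check_sender(raw_headers):
    """Compare the visible From address with the envelope sender in Return-Path."""
    msg = message_from_string(raw_headers)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = addr_domain(msg.get("From"))
    rp_dom = addr_domain(msg.get("Return-Path"))
    if not rp_dom:
        verdict = "no-return-path"   # bounce message or header stripped
    elif from_dom == rp_dom:
        verdict = "match"
    elif org_domain(from_dom) == org_domain(rp_dom):
        verdict = "aligned"          # e.g. a bounce subdomain of the same organisation
    else:
        verdict = "mismatch"         # candidate impersonation, review the message
    # A display name that is itself an address on another domain is a second signal.
    shown = addr_domain(display) if "@" in display else ""
    return {"from": from_dom, "return_path": rp_dom, "verdict": verdict,
            "display_name_differs": bool(shown) and shown != from_dom}

# Constructed header samples (placeholder domains, not taken from the thread).
SAMPLES = {
    "legit": "Return-Path: <bounce@mail.example.com>\n"
             "From: Support <soporte@example.com>\n\n",
    "forged_from": "Return-Path: <x91@example.net>\n"
                   "From: Support <soporte@example.com>\n\n",
    "display_trick": "Return-Path: <x91@example.net>\n"
                     'From: "soporte@example.com" <info@example.net>\n\n',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

A "match" or "aligned" verdict only means this comparison found no difference; both headers are set by the sender, so it does not prove the message is genuine.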