Yes, we use Proofpoint. It has done a great job and will quarantine these messages once they get classified. We are dealing with very targeted zero-day type PHISHing (our last round were messages composed to look like they were sent by our CEO - with his signature and inline photo). The payload was an attached PDF with the image having an embedded malicious URL.
-----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, October 05, 2017 11:18 AM To: exchange@lists.myitforum.com Subject: Re: [Exchange] PDF Spam No external spam filter? With quarantine? Kurt On Thu, Oct 5, 2017 at 7:55 AM, Rimmel, Carl <crimm...@hfhs.org> wrote: > We have been seeing an uptick in SPAM containing PDF attachments. The > PDFs are composed of a full-page image that, when moused-over, points > to a malicious web site. We have tried to use Transport Rules to > block these based on the moused-over URL but Exchange seems unable to > properly detect these embedded URLs. We are able to use Transport > Rules to block PDFs with plain text so we know that the server is inspecting > them properly. > > > > Any ideas on how to battle these pesky messages? ________________________________ CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy & Security page on www.henryford.com for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us.