How to Resolve Suspicious Mailbox Rule Issue
This guide will help users understand how to resolve Account Takeover issues detected in emails and implement best practices to reduce the risk of financial fraud.

Review
Review the flagged mailbox and its details. The issue contains the following:
- Mailbox: The affected user’s mailbox.
- Provider: The email provider of the mailbox.
- Indicators: Why the mailbox was flagged (e.g., Suspicious Email Rule Detected, Unusual activity in audit logs).
Investigate
Analyze the issue and its flagged indicators to understand the impact.
- Assess severity: Higher severity levels indicate increased urgency and potential risk.
- Analyze the flagged indicators: Examine each indicator and why the mailbox was flagged as suspicious.
- Check the employee: Verify whether the employee is responsible for the flagged activity or whether it is an Account Takeover.
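
As an added example (not part of the original guide and not Stance's detection logic), the Python below checks a mailbox's exported rules for traits that commonly separate an attacker-created rule from one the employee set up: forwarding outside the organization, hiding mail in rarely-read folders, matching finance keywords, and punctuation-only names. The rule field names, sample rules and heuristics are assumptions made for illustration.

```python
# Added example. Rule field names are hypothetical; map them from your
# provider's rule export. All sample data below is constructed.
FINANCE_TERMS = ("invoice", "payment", "wire", "bank", "remittance", "payroll")
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items"}

def triage_rule(rule, org_domains):
    """Return the reasons a rule needs a closer look (empty list if none)."""
    reasons = []
    # Forwarding is only a concern when the target is outside the organization.
    external = [a for a in rule.get("forward_to", [])
                if a.rsplit("@", 1)[-1].lower() not in org_domains]
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    folder = (rule.get("move_to") or "").lower()
    hides = rule.get("delete", False) or folder in HIDING_FOLDERS
    if hides:
        reasons.append("removes mail from the inbox view (delete or rarely-read folder)")
    # Finance keywords matter when the rule also hides or exfiltrates the mail.
    keywords = " ".join(rule.get("keywords", [])).lower()
    finance = [t for t in FINANCE_TERMS if t in keywords]
    if finance and (hides or external):
        reasons.append("targets finance-related mail: " + ", ".join(finance))
    if not any(c.isalnum() for c in rule.get("name", "")):
        reasons.append("blank or punctuation-only rule name")
    return reasons

def triage_mailbox(rules, org_domains):
    """Map rule name -> reasons, for rules with at least one reason."""
    flagged = {}
    for rule in rules:
        reasons = triage_rule(rule, org_domains)
        if reasons:
            flagged[rule.get("name", "")] = reasons
    return flagged

ORG_DOMAINS = {"example.com"}  # constructed
SAMPLE_RULES = [               # constructed
    {"name": "..", "keywords": ["Invoice", "wire transfer"], "move_to": "RSS Feeds"},
    {"name": "fwd", "forward_to": ["jdoe.backup@mail.example.net"]},
    {"name": "team", "forward_to": ["finance@example.com"], "keywords": ["payment"]},
    {"name": "Newsletters", "keywords": ["unsubscribe"], "move_to": "Newsletters"},
]

if __name__ == "__main__":
    for name, reasons in triage_mailbox(SAMPLE_RULES, ORG_DOMAINS).items():
        print(repr(name), "->", "; ".join(reasons))
```

A rule with no reasons is not proof of legitimacy; confirm with the employee either way, as the step above describes.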
Mitigate
- If Account Takeover, take action:
  - Quarantine the user:
  - Strengthen Security: Enable Multi-Factor Authentication (MFA), reset affected passwords, and ensure security best practices.
  - Resolve the Issue in Stance: Mark it as “Resolved” after implementing corrective actions.
- If the email is legitimate, mark the issue as “Not an Issue” in Stance and document the reasoning for future reference.
Monitor
- Track Impacted Mailboxes: Continuously monitor for any unusual activity or suspicious behavior.
- Enhance Employee Awareness: Provide security awareness training and reinforce email security best practices.
Conclusion
By following these steps, users can effectively mitigate financial fraud risks and maintain a secure email environment. If you have additional questions, contact our support team at security@at-bay.com or via Intercom chat. We’re here to help keep your organization secure!