This is an automated archive.
The original was posted on /r/cybersecurity by /u/LuckyAd4953 on 2023-08-28 17:13:55+00:00.
User clicked a phishing email and emails went out to all of her contacts. We reset her password, reset her MFA, and the user received a new computer. This all happened Friday.
User called the helpdesk (I sometimes pick those calls up) stating that none of her emails are appearing. After a quick search I discovered all emails were being forwarded to her RSS feed and therefore she was not notified. Thinking this was just some weird quirk with her new computer, I cleared the rules, and it fixed the problem. AS SOON as I did this, she goes "oh ya [your boss] told me to look to see if there's any rules and not to touch them until he looks". I get that I screwed up and made that mistake of clearing this right after she was phished... but man, her telling me the second after I cleared it really irked me.
I'm sitting here trying to resolve this. Is there a way to recover these rules? im thinking we can go into her old computer (which has been off since friday) and grab the PST files - they should be there cause it was offline when I did this.
Also - why would they forward them to the RSS to begin with? my system admin thinks it's because they didn't want the user ro receive a bunch of emails stating she sent a phishing email out. How big of a deal is it that I deleted these? my boss is traveling right now so I can't tell him for a few hours.