A user in our domain fell prey to a phishing email that robbed her O365 creds and proceeded to own her account. It was being used for spamming, also covering its tracks somewhat by creating an inbox rule to delete everything. While tracking the activity we noticed the perpetrators traffic was coming from one of Avast’s externals. Anyone know if Avast will assist us in finding out who is behind this malicious activity? I have more deets but not posting them here.
