Solved: 'Potential employee spoofing' - No remediation rec...

Australia · 11-28-2023 03:34 PM

Greetings, my name is Guy, & this is my first question in this forum.

As an small business owner/operator I am always concerned about site-security. Unfortunately, I have not always had the time to investigate WorkSpace security alerts. Today I received another security breach warning (below), and despite following the prompts I am more confused than ever.

If an Actor can successfully spoof an account, why are they not sending millions of mails so as to make the crime worthwhile?

I did enable the security features provided in the Admin Account to activate automated solutions going fwd.

Aside from adding the "Actor" to the blocked list, I cannot find any "remediation recommendation(s)". Can anyone offer some advice.

Kind regards,

Guy Saywell / GM TestoChecker, (PII Removed by Staff)

Begin Warning msg;

Summary: TestoChecker <(PII Removed by Staff)> sent 2 messages that may be spoofing users with a similar display name in your domain. There were 1 recipients.
Date: Tuesday, Nov 28, 2023, 2:52:27 PM (UTC)
Actor: TestoChecker <(PII Removed by Staff)>
Total messages: 2
Received by: (PII Removed by Staff), (PII Removed by Staff)
Severity: MEDIUM

KevinApodaca

There are plenty of options for remediation in these scenarios, what Google Workspace SKU do you have ?

View solution in original post

KevinApodaca

There are plenty of options for remediation in these scenarios, what Google Workspace SKU do you have ?

Australia

Kevin Hi, & Thanks for making the effort. I was going to update this thread this morning but you beat me to the punch. The cause was/is very simple in fact. One of the Contact Boxes had the super-duper 'send a copy to yourself' option enabled.

That'll do it 🙂

'Potential employee spoofing' - No remediation recommendations