As I’m sure many others have encountered, within days of creating any user in O365, they start receiving spam, phishing, and solicitation emails. Some of these bad actors have shown a very clear pattern to me, so it leads me to believe a team of bad actors may have found access to our GAL and will make regular attempts to scam our employees. I’m of course, also curious how I might find that employees with minimal outside communications (external communications are with specific individuals at client companies.)

Unfortunately, I haven’t much experience with SecOPs, so I’m curious if anyone more experienced can suggest some good tools to recommend for me to do some digging into this. Tool/app platform doesn’t matter, I’ve got Windows, Mac, and Linux machines available to utilize for testing.