Since a couple of weeks, our company have been facing malicious softwares present on our desktops but also spamming, spoofing e-mails sent to our addresses.
Basically, we are receiving two type of e-mails:
- Spams with scriptable links or attachment
- Spoof e-mails with the header of our own address (but from a different IP than ours) which also contain malicious link or attachment.
In the goal to resolve this problem, we have made the following actions:
- Scan our computers for malwares
- Change e-mail passwords
- Change domain access password (i.e our web server access)
- We have also increased SMTP server spam detections settings, black listed our own addresses and block all mails sent from IPs registered to a Vietnam Domain Name Service.
Nevertheless, we are still facing spams. Do you have other ideas to resolve this problems? I found that some malicious e-mails sent to us have precise signatures with our first and last names with means they have certainly robbed private information.
Moreover, I have found a Word with all the IDs, passwords of the company (domain access, Skype, e-mails, etc.) shared between the members of the company through DropBox. Even if all the passwords look to be strong the document is a real security breach. Because there is almost 50 passwords on this document, we didn't decide to remove it but
we have encrypted it through the option present under Microsoft Office. However, I am still wondering if the encryption is strong enough. If not, do you have other free softwares names which allow a strong encryption?
Thanks in advance for your help,