Delete Phishing emails using Exchange Server 2010 PowerShell

Aftab Alam

08 Jul 2024

Read time 3 minutes

Summary: Email phishing or spoofing in Exchange Server risks your organization’s sensitive data. Several Microsoft policies help you protect your Exchange Server from receiving spoof emails, along with some manual ways to delete them if they are attained. This blog will help you understand the factors of email phishing and productive ways to get rid of it. However, we also discuss Kernel for Exchange Server software to efficiently fix your EDB file issues like corruption and import/export errors.

Free Download 100% Secure

The Exchange Server works as an organization’s epicenter, storing all crucial data in its database as EDB files. Still, there are chances of your Exchange EDB corruption being high due to external threats, including email phishing and spoofing. If you think that you get spammy and fishing emails in your personal email account only, and not in the professional email account, then you are wrong.

Whenever you use your professional email account at a suspicious website, then get ready to face the spammy and phishing emails. The phishing emails might contain malware or ransomware which puts a direct attack to steal your data, credit card details, login credentials, etc.

Many users fall into such trap unknowingly as the phishing email portray itself as an innocent mail and lures you to click on some links. It leads to the installation of malware on your system to steal crucial information.

When you have configured the MS Outlook with Exchange Server 2010 and using it as your email manager, then you need to be more cautious as the phishing mail can access or corrupt your professional data. It will be catastrophic for business as hackers can get sensitive business details. You should recognize and delete such emails as soon as possible from your system.

How to identify a phishing email in your mailbox?

Email invaders pretend to send you an email that looks like a legitimate message but has a deceptive source address. If your account is not enabled with Microsoft Advanced Threat Protection, you are likely to get trapped. However, there are some factors that can help you spot a spoofed email mentioned below:

Reward trap: One of the most common phishing emails is inviting you to use messages like ‘click this link to earn 100% cashback’.
Fooling as authority: Receiving an email with a name of authority, such as banks, friends, a news channel, etc., and asking you to click on a link showing ‘Your bank account profile is incomplete. Log in to update’.
Fake bills: Document-based phishing emails pretend to carry an invoice or billing receipt for an order you have not placed and ask you to log in with your email ID and password.

Understand anti-phishing protection in EOP

Microsoft Office 365 allows an organization to secure their Exchange Server mailboxes from phishing with the help of Exchange Online Protection (EOP). The feature detects upcoming threats in the mail and prevents EDB file exposure.

Let’s know the quality features of EOP below:

Spoof detection: Utilize spoof intelligence insight in EOP to check through phishing senders detected previously & block them or delete phishing emails accordingly.
Enable anti-phishing policies: You can set up your anti-phishing in Exchange by turning on spoof intelligence and unauthenticated sender indicators and assigning specific outputs if a spoof is detected. Also, set your DMARC check on your account, which will process the phishing detected email as per DMARC checks & perform actions if it fails.
Tenant Allow & Block List: If the sender’s specification overrides in the spoof intelligence tab, you have to manually allow or block the sender from the Tenant Allow & Block List.

Process to delete phishing emails from the mailbox

Exchange PowerShell lets you run useful cmdlets and make the desired changes in the whole Exchange setup. Here is the process of finding the phishing emails and delete them from the mailbox.

The user account which you use to delete the message should have the Mailbox Import Export permissions assigned to it. So, first, create the role group.
New-RoleGroup “Mailbox Import-Export Management” -Roles “Mailbox Import Export”
Now, add a member to the role group.
Add-RoleGroupMember “Mailbox Import-Export Management” – Member <useraccount>
Search any email using the following command –
Search-Mailbox -Identity “mailboxname” -SearchQuery ‘Subject: Lucky Draw Winner’ -DeleteContent

The cmdlet will first search for a message which has a subject ‘Lucky Draw Winner’ from the mailbox and delete it.

It is a simple procedure to find a message and delete it directly. You can input any search query based on the properties of a mail and delete the phishing emails. However, there are multiple limitations related to the method which make it not suitable to handle phishing emails.

When the number of phishing emails is quite high, then the method will take too much time to delete each one.
This method is suitable for a single mailbox only. So, if the problem is spread into multiple user mailboxes, then you have to access each mailbox separately or use scripts.
If the cmdlet finds another message with the same parameter, then it will delete it.
It cannot remove any corruption from the Exchange.
The search-mailbox cmdlet can access up to 10,000 mailboxes only.
If you are using Exchange online, then you should use a different cmdlet New-Compliance Search.
You need to run the cmdlets multiple times to completely remove the phishing emails.

Choosing a third-party automated solution for EDB corruption

Setting up several features in your Exchange database might help you to save from phishing & spoofing, but what if your mail gets corrupted before detection. The EDB file is safe from intruders but still not accessible due to corruption. So, it’s better to use Kernel for Exchange Server software to fix your EDB file from corruption & save its data to any preferred destination. It will repair corrupt Exchange databases and lets you save mailboxes in full health and without any virus. The tool has multiple features which helps the user to recover the multiple mailboxes from severe corruptions & of any size.

Free Download 100% Secure

Conclusion

Email phishing in Exchange is common, but there are many precautionary actions available to protect your data. In the above article, we have provided a brief understanding of email phishing and its working environment. The article highlights information that helps you understand the risk before harming your system and suggests EOP services for Exchange mailbox protection. However, you can easily find and delete phishing emails from your database by using the simple methods mentioned here, along with the third-party tool to fix EDB file corruptions. It’s crucial for businesses working with the Exchange Server to have a subtle option to fix
EDB corruption and access problems in the Exchange Server.