From: Emery Goss <egoss@westernexp.com>
Sent: Wednesday, March 5, 2025 5:05 PM
To: irt@westernexp.com
Subject: Fw: Phishing:4864130f-b7e0-4fed-c9b8-08dd5c03e86d|SColdiron@lamtech.net|(Shelli Coldiron shared "LAMINATE TECHNOLOGIES, INC" with you) 3/5/2025 10:04:35 PM
Phishing email sent to multiple users from a compromised email. The phishing email utilized a legitimate SharePoint link to host a phishing link that led to a fake Microsoft landing page. Blocked the sender's domain,
blocked the sharepoint link and phishing page, and removed the message from recipient mailboxes. lwall accessed the SharePoint page and attempted accessing the phishing page but was not able to reach it. I went ahead and had her reset her password.
From: Kace Security Helpdesk <securityhelpdesk@westernexp.com>
Sent: Wednesday, March 5, 2025 4:04 PM
To: irt@westernexp.com <irt@westernexp.com>
Subject: FW: Phishing:4864130f-b7e0-4fed-c9b8-08dd5c03e86d|SColdiron@lamtech.net|(Shelli Coldiron shared "LAMINATE TECHNOLOGIES, INC" with you) 3/5/2025 10:04:35 PM
________________________________________
From: Delaney Boone <dboone@westernexp.com>
Sent: Wednesday, March 5, 2025 4:04:35 PM (UTC-06:00) Central Time (US & Canada)
To: Kace Security Helpdesk
Subject: Phishing:4864130f-b7e0-4fed-c9b8-08dd5c03e86d|SColdiron@lamtech.net|(Shelli Coldiron shared "LAMINATE TECHNOLOGIES, INC" with you) 3/5/2025 10:04:35 PM
# Questionable URLs detected in message:
None
Received: from PH7PR12MB5783.namprd12.prod.outlook.com (2603:10b6:510:1d2::9) by PH7PR12MB8106.namprd12.prod.outlook.com with HTTPS; Wed, 5 Mar 2025 16:36:46 +0000
Received: from BL1PR13CA0300.namprd13.prod.outlook.com (2603:10b6:208:2bc::35) by PH7PR12MB5783.namprd12.prod.outlook.com (2603:10b6:510:1d2::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.25; Wed,
5 Mar 2025 16:36:41 +0000
Received: from MN1PEPF0000F0DE.namprd04.prod.outlook.com (2603:10b6:208:2bc:cafe::30) by BL1PR13CA0300.outlook.office365.com (2603:10b6:208:2bc::35) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8511.18 via Frontend Transport;
Wed, 5 Mar 2025 16:36:41 +0000
Received: from us-smtp-inbound-delivery-1.mimecast.com (170.10.132.61) by MN1PEPF0000F0DE.mail.protection.outlook.com (10.167.242.36) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8511.15 via Frontend Transport; Wed, 5
Mar 2025 16:36:40 +0000
Received: from lamtech.sendio.com (lamtech.sendio.com [216.23.184.61]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-602-y7zkzSRjM3WNpnmCqbwJhQ-1; Wed, 05 Mar 2025 11:36:36 -0500
Received: (sendio-qmail 2320941 invoked from network); 5 Mar 2025 16:29:55 -0000
Received: from unknown (HELO NAM10-MW2-obe.outbound.protection.outlook.com) (104.47.55.44) by lamtech.sendio.com with ESMTPS (TLS_AES_256_GCM_SHA384 encrypted); 5 Mar 2025 16:29:54 -0000
Received: from PH7PR22MB3916.namprd22.prod.outlook.com (2603:10b6:510:2be::13) by LV8PR22MB5408.namprd22.prod.outlook.com (2603:10b6:408:229::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.17; Wed,
5 Mar 2025 16:29:52 +0000
Received: from PH0PR22MB3079.namprd22.prod.outlook.com ([fe80::22c7:5fba:2337:9031]) by PH7PR22MB3916.namprd22.prod.outlook.com ([fe80::22c7:5fba:2337:9031%5]) with mapi id 15.20.8511.014; Wed, 5 Mar 2025 16:29:51 +0000
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Shelli Coldiron <SColdiron@lamtech.net>
To: Delaney Boone <dboone@westernexp.com>
Subject: Shelli Coldiron shared "LAMINATE TECHNOLOGIES, INC" with you
Thread-Topic: Shelli Coldiron shared "LAMINATE TECHNOLOGIES, INC" with you
Thread-Index: AQHbjeuokRud2VxPBUGw5cfCAYGZgw==
Date: Wed, 5 Mar 2025 16:28:42 +0000
Message-ID: <37600.125030511363600720@us-mta-602.us.mimecast.lan>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: MN1PEPF0000F0DE.namprd04.prod.outlook.com
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-Network-Message-Id: 4864130f-b7e0-4fed-c9b8-08dd5c03e86d
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <37600.125030511363600720@us-mta-602.us.mimecast.lan>
X-MS-Exchange-Organization-RecordReviewCfmType: 0
x-ms-publictraffictype: Email
received-spf: PermError (protection.outlook.com: domain of lamtech.net used an invalid SPF mechanism)
authentication-results: spf=permerror (sender IP is 170.10.132.61) smtp.mailfrom=lamtech.net; dkim=fail (signature did not verify) header.d=lamtech.net;dmarc=fail action=none header.from=lamtech.net;compauth=softpass reason=201
x-forefront-antispam-report: CIP:170.10.132.61;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:SKN;H:us-smtp-inbound-delivery-1.mimecast.com;PTR:us-smtp-inbound-delivery-1.mimecast.com;CAT:NONE;SFS:(13230040)(69100299015)(26013499003)(82310400026)(35042699022)(4053099003)(13003099007)(8096899003);DIR:INB;
x-ms-office365-filtering-correlation-id: 4864130f-b7e0-4fed-c9b8-08dd5c03e86d
x-ms-traffictypediagnostic: PH7PR22MB3916:EE_|LV8PR22MB5408:EE_|MN1PEPF0000F0DE:EE_|PH7PR12MB5783:EE_|PH7PR12MB8106:EE_
x-microsoft-antispam: BCL:0;ARA:13230040|69100299015|26013499003|82310400026|35042699022|4053099003|13003099007|8096899003;
x-ms-exchange-crosstenant-originalarrivaltime: 05 Mar 2025 16:36:40.8301 (UTC)
x-ms-exchange-crosstenant-network-message-id: 4864130f-b7e0-4fed-c9b8-08dd5c03e86d
x-ms-exchange-crosstenant-id: 7574e840-7b4e-4dde-9344-850222919bd8
x-ms-exchange-crosstenant-fromentityheader: Internet
x-ms-exchange-transport-crosstenantheadersstamped: PH7PR12MB5783
x-ms-exchange-transport-endtoendlatency: 00:00:05.3781880
x-ms-exchange-processed-by-bccfoldering: 15.20.8511.017
x-ms-exchange-crosstenant-authsource: MN1PEPF0000F0DE.namprd04.prod.outlook.com
x-ms-exchange-crosstenant-authas: Anonymous
x-ms-exchange-senderadcheck: 1
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lamtech.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z5HquR3+fl2B9gPdz4jKDCmJ+8qd/uCCuJLlfAdB+pI=; b=ogB/XSeav0WyXkKMF2SynTY6ln8SPwI/eF7up5KmVCz+DOEbo0NxXjMu0jwHXqiooJj3JR82Y9f4RyS6i2UsEiuNZ6x9wF3ryPBrm8DAdYoimWv0ou4hKMssXO9piFL5UcNRZ4WDc2Hy2QHFNxhxJCP8RBcReEdoJ1SPYP+EMJY=
authentication-results-original: relay.mimecast.com; dkim=pass header.d=lamtech.net header.s=selector1 header.b="ogB/XSea"; arc=pass ("microsoft.com:s=arcselector10001:i=1"); dmarc=pass (policy=none) header.from=lamtech.net; spf=pass (relay.mimecast.com:
domain of scoldiron@lamtech.net designates 216.23.184.61 as permitted sender)
smtp.mailfrom=scoldiron@lamtech.net
x-mc-unique: y7zkzSRjM3WNpnmCqbwJhQ-1
x-mimecast-spam-score: 0
x-eopattributedmessage: 0
x-eoptenantattributedmessage: 7574e840-7b4e-4dde-9344-850222919bd8:0
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Z5HquR3+fl2B9gPdz4jKDCmJ+8qd/uCCuJLlfAdB+pI=; b=nHX2RC5Vnvd+ILRyVN7il71O21iywXagKsbLmD1PWe4HcCds7EoGGjDdgy8o1D8ohlMcLyTfd1YReRff40yQBL3ecLat7CVqv7MeV4JrkDf7+Fpwbtqibq5mfu2B+1neMgoSnFV/dtK1yKyoq6DGwzPUcUmnW79hTAVBhIcy/iLR6uplqaqMDhpW98SnmHrI34jw2njsEH9BrJ+K7GWzUTH6TTSKqnNtwhXTBMcFWOL4Bbuod/auLKbeYBxCEXG84+RirlqazsNU8bXSMFpXNsTyOp+rOwzFI8bGDrKAETS85CwknYePd32cNctQC1pZhw2YnSdu2hFQnL+5eoR8Ng==
arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TxG/2a5W+MIygmZ06wHEeURrPCOQmdkdgUawtzL1XOwDYj/ZazPZKnLB/M9uQmRtwDxGt6uhnDy0poX6U4QLKTroPBlLCpIMgTOVLbxoVo2s3kURQjP/NKluNhd8RO1NHW8sFfswZl0eSyc+dX+71OMBBnWamuwlJgLAGGP3mQHZAa2zj6+0zyAsT5L8o1kE6ufj4A84MfVVhGE3m5gghYyG7XJDZvSUn0TOgpexA2bgZo2e8AGs0Xx01ntsgUdFHHAwoRRCe26WTih+qXmq+vnge/K1qmErcryINZ+yPccXD8/Gs1QVu0yUPbDxMDlapNIDUEGSXgd2gAQZ7IG2cQ==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=lamtech.net; dmarc=pass action=none header.from=lamtech.net; dkim=pass header.d=lamtech.net; arc=none
x-forefront-antispam-report-untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR22MB3916.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(26013499003)(376014)(1800799024)(366016)(69100299015)(13003099007)(8096899003)(4053099003)(38070700018);DIR:OUT;SFP:1102
x-microsoft-antispam-untrusted: BCL:0;ARA:13230040|26013499003|376014|1800799024|366016|69100299015|13003099007|8096899003|4053099003|38070700018
x-microsoft-antispam-message-info-original: 9mhoVtKYXgMRstXVE6rqQNL05HN1qD035TVdhVfxd6GabW9x+b9nhQRLomrzcMUP7Cqe9fbzpgjEBMP4KLZoZ6qfpPdL2i1Vpl6VZSHt8dpEwmVwinpdAex2FJ/Cuqu6rRRlDS1j71zV9sekz6ue8N+hx35tFlkzJ70puvKigr21GG5oEYbGKKxJC6BYnxh3DfART6jyMjj37KS+53fyt7uoYRAouhBiCMd77Frf3o+sBETDGhkvSPCxYIuocTtZ9fPG4oA+oU8oCO+MtU4Eh/3VfTTRaHLse3Tg53it+qwsukY+KK3TM+pIgoJ1DiJPdvV5y8QFjKpgpr9KRZ5FKNWngPJP3bGdF1WE2RZaCnf97yjlyXkccf71C7MGy2PenK0QxgNce6cIkgi7P+4ss2zysTwEzrrVtZ1uOC9xznpGNbsGMDgKoEgD4NS4F+oCiAtaWiTHn/viUT7lLJaMKwTCQI61qtPD3Pc7HxwHeetpxlq2cYwWNk2d/LdPGwQFmWlV4irvEQHmWBaorwoCtznaFNWsBt73UfG/Vs2oX2JNF0Sjc3RN+Egia2QIV4Qq/FvGRU+0D7ivypcP7jd8lpwYqm8K3/0q7/p82916GfYsdnLSv9HAVuIUHOsLm8A4mu1tdGdwaJQYYOUu28R0QCSR1Ew+skF529voB/1B25Kmsvelk7AexrzwyOhUcg3bTnPRaIGY72yo++mNW6Q6JGB4sEwUAUf5wRevBaInZR6ivlmL6YXTHIEw2RmnX0+GPvMJyBjW3Hk7mOxm97hyiwd21vgjJ3UC9TjKTDeLGTurqeEKZFn6DKm4BkYIIXlQLki619b9pFUn7o5bfCa/DL3kbE25NcgAsNW0p4G/2ow0nIQ15UzUD+QMk+lk5INhjFPFWCMmZQyTKl+Ac3vXTyiUyQo4lHe7RbhYhTWEWyiTEiY8twomZf58011O8bryhCCKcNxAUQrucBM0sWfaywz7UICttxcHt98xLQruhjZEsaaVkf/tZOr3N+sOGXZfddm0ZVJu+d5DZgHQMfBHg7pF34T5R4QhtpxkS1MBdfcDnytYv4Pvmk7dx6D1v5hPC5LAH0GFgnr78N4KS0CaDJ+Pw6cNH7t+qTrD3/EHKQMHgOOMF/F+37tBYDj9RaGoesVrLNm0eG4vKizPl3rwKbhvHwonphJuZqwBK70//9E82a41zOlnov1UKAEnmmr3cMvdsxCguein3J8r1uQ4m3z0nJq6khROKpTGwAFKcLfgJNcHf7PyZP3as69yUMYw7ICWDJkPxAKNQstjxewXnMD2TYfkCRlgHxlazf0nZh5E/Jtew8IVo0z8ijhs+Uro/gz0Crc3Ev6+mu8PEzThwLoqlyixXi7eqiMqdwr0a7DF66YuXngQyWsiorJoctQj
x-ms-exchange-transport-crosstenantheadersstripped: MN1PEPF0000F0DE.namprd04.prod.outlook.com
x-ms-office365-filtering-correlation-id-prvs: 70a6df4d-b187-4036-6dec-08dd5c02f469
x-ms-exchange-atpmessageproperties: SA|SL
x-ms-exchange-antispam-relay: 0
MIME-Version: 1.0
If you want such reports to go to Microsoft directly, you can change the reported message destinations from the settings at
https://security.microsoft.com/userSubmissionsReportMessage