Delete Phishing emails using Exchange Server 2010 PowerShell

Read time 3 minutes

If you believe that spammy and phishing emails are exclusive to your personal email account, think again. Even your professional email account isn’t immune. Whenever you utilize your professional email for suspicious websites, be prepared to encounter spam and phishing attempts. These phishing emails constitute a direct assault aimed at pilfering your data, credit card information, login credentials, and more.

Numerous unsuspecting users frequently become ensnared in the web of phishing scams, often deceived by emails that masquerade as harmless messages while covertly coaxing them to click on embedded links. These deceptive tactics can lead to the surreptitious installation of malware on your system, posing a grave threat to the security of your crucial information.

If you are using Microsoft Outlook in conjunction with Exchange Server 2010 as your email management system, exercising vigilance becomes even more imperative. Phishing emails may gain unauthorized access to or compromise your professional data, potentially resulting in catastrophic consequences for your business, including the exposure of sensitive business details to malicious hackers. Hence, it is imperative that you promptly identify and remove such fraudulent emails from your system as a precautionary measure.

Delete phishing emails using Exchange Server 2010 PowerShell

Exchange PowerShell lets you run useful cmdlets and make the desired changes in the whole Exchange setup. Here is the process of finding the phishing emails and delete them from the mailbox –

1. The user account which you use to delete the message should have the Mailbox Import Export permissions assigned to it. So, first, create the role group.
   New-RoleGroup “Mailbox Import-Export Management” -Roles “Mailbox Import Export”
2. Now, add a member to the role group.
   Add-RoleGroupMember “Mailbox Import-Export Management” – Member <useraccount>
3. Search any email using the following command –
   Search-Mailbox -Identity “mailboxname” -SearchQuery ‘Subject: Lucky Draw Winner’ -DeleteContent

The cmdlet will first search for a message which has a subject ‘Lucky Draw Winner’ from the mailbox and delete it.

Discovering and removing a message is a straightforward process. You have the flexibility to input specific search criteria to target and eliminate phishing emails. Nevertheless, this approach comes with several limitations that render it unsuitable for effectively managing phishing threats.

• When the number of phishing emails is quite high, then the method will take too much time to delete each one.
• The method is suitable for a single mailbox only. So, if the problem is spread into multiple user mailboxes, then you have to access each mailbox separately or use scripts.
• If the cmdlet finds another message with the same parameter, then it will delete it.
• It cannot remove any corruption from the Exchange.
• The search-mailbox cmdlet can access up to 10,000 mailboxes only.
• If you are using Exchange online, then you should use a different cmdlet New-Compliance Search.
• You need to run the cmdlets multiple times to completely remove the phishing emails.

Kernel for Exchange Server: Professional approach

Exchange Recovery software effectively repairs corrupted Exchange databases, ensuring that your mailboxes are returned to optimal health, free from any viruses or issues. Serving as a versatile EDB recovery, it boasts a wide range of features designed to empower users in effortlessly recovering an unlimited number of mailboxes.