Once of my customers had one of their O365 accounts compromised yesterday.
The bad actor sent emails to about 7000 contacts with a phishing link in blocks of about 120 addressed BCC’d per email.
Account is secured and the deleted emails have now been recovered but I wanted to send a blanket email out to all of the people who received the phishing email to apologise and tell them to just delete it.
Problem is, although I can see all of the BCC address’ (because I am on the customers account and I can see them in the sent items) if I reply or reply all then I only get the customers address in the to box, not any of the BCC address’.
Anyone got a clever way of dealing with this?