Greetings, my name is Guy, & this is my first question in this forum.

As an small business owner/operator I am always concerned about site-security. Unfortunately, I have not always had the time to investigate WorkSpace security alerts. Today I received another security breach warning (below), and despite following the prompts I am more confused than ever.

If an Actor can successfully spoof an account, why are they not sending millions of mails so as to make the crime worthwhile? 

I did enable the security features provided in the Admin Account to activate automated solutions going fwd.

Aside from adding the "Actor" to the blocked list, I cannot find any "remediation recommendation(s)". Can anyone offer some advice.

Kind regards,

Guy Saywell / GM TestoChecker, (PII Removed by Staff)

Begin Warning msg;

• Summary: TestoChecker <(PII Removed by Staff)> sent 2 messages that may be spoofing users with a similar display name in your domain. There were 1 recipients.
• Date: Tuesday, Nov 28, 2023, 2:52:27 PM (UTC)
• Actor: TestoChecker <(PII Removed by Staff)>
• Total messages: 2
• Received by: (PII Removed by Staff), (PII Removed by Staff)
• Severity: MEDIUM