Recent studies based on an analysis of more than 55 million emails reveal that one in every 99 emails is a phishing attack, and that 25% of these sneak into Office 365. What makes Office 365 such a prime target for phishers? Its marketplace dominance across all industries. Office 365 is one of the most widely used office suite packages in the world, boasting over 60 million commercial users. The more users a platform has, the higher the chance that an attack succeeds. To combat rampant cybercrime, it’s critical that organizations understand common Office 365 phishing attacks and implement native and external anti-phishing solutions.
4 Common Office 365 Phishing Attacks
While phishing attacks are constantly evolving and becoming more sophisticated in an attempt to dupe unsuspecting victims, there are a few common Office 365 phishing tactics hackers often employ.
- Non-delivery emails: Most workers send dozens or even hundreds of emails per day, so receiving the occasional non-delivery email is to be expected. Hackers know this and will send fake non-delivery emails with a malicious “send again” link to create chaos.
- PhishPoint: This scam uses a legitimate file to circumvent all native Office 365 security defenses, and hides its malicious link within a popular collaboration tool such as SharePoint.
- Reactivation requests: This phish is nothing more than an email requesting that users reactivate their account. A link will take the user to a phony login page, and once credentials are plugged in, they go straight into the hands of the hacker.
- Storage limitation alerts: Considering the amount of data processed every day, most people aren’t surprised when they receive an email warning that they’re approaching their Office 365 storage limit. Hackers bank on this, sending these fake notifications that require logging in to the account to activate a storage quota to correct the issue. As with reactivation requests, the login page is fake, and any credentials entered into the page’s password fields are stolen.
Native Office 365 Email Protection
Understanding the devastating effects phishing can have on an organization, Microsoft developed Advanced Threat Protection (ATP) as part of its Office 365 email protection services. ATP doesn’t need to be enabled: Rather, it works automatically if you add it as part of your Office 365 subscription.
ATP anti-phishing applies a set of machine learning models together with impersonation detection algorithms to incoming messages, scanning them for malware, malicious links, and spoofing attempts. When an email containing any of these is detected, the service’s default setting will block the email from entering a user’s inbox. However, an organization’s security admin can adjust ATP’s protection capabilities. Some of the options available for adjustment include:
- Which users and domains are protected
- Which senders and domains are trusted
- What actions should be taken when phishing is suspected (quarantine, redirect, move to the junk folder, deliver, no action, or add anti-phishing tips for users)
- Phishing threshold levels (admins should be careful with these settings; moderate thresholds may allow phish to slip through, whereas highly aggressive thresholds may block important legitimate emails)
- Whether mailbox intelligence should be employed (analyzing a user's emails and personal contacts to develop a map of relationships to combat impersonation attempts)
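The following is an added example, not code from the article or from Microsoft: an Exchange Online PowerShell session that creates an ATP anti-phishing policy setting each of the options listed above. The tenant domain contoso.com, the protected users, the trusted vendor domain, and the policy and rule names are placeholders.

```powershell
# Requires the ExchangeOnlineManagement module; the account is a placeholder.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Splatting keeps the option-by-option comments readable.
$policy = @{
    Name = "Finance anti-phish"
    # Which users and domains are protected from impersonation ("Display Name;address")
    EnableTargetedUserProtection    = $true
    TargetedUsersToProtect          = @("Jane Doe;jane.doe@contoso.com", "Finance Dept;finance@contoso.com")
    TargetedUserProtectionAction    = "Quarantine"
    EnableTargetedDomainsProtection = $true
    TargetedDomainsToProtect        = @("contoso.com", "partner.example")
    TargetedDomainProtectionAction  = "Quarantine"
    # Which senders and domains are trusted (exempt from impersonation checks)
    ExcludedSenders = @("noreply@trusted-vendor.example")
    ExcludedDomains = @("trusted-vendor.example")
    # What to do with messages that fail spoof/authentication checks
    AuthenticationFailAction = "MoveToJmf"
    # Threshold: 1 = Standard ... 4 = Most aggressive. 2 (Aggressive) raises
    # sensitivity without the false-positive rate of the top levels.
    PhishThresholdLevel = 2
    # Mailbox intelligence: learn each user's contact graph and act on impersonation
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    MailboxIntelligenceProtectionAction = "MoveToJmf"
    # Anti-phishing safety tips shown to users on suspicious messages
    EnableSimilarUsersSafetyTips      = $true
    EnableSimilarDomainsSafetyTips    = $true
    EnableUnusualCharactersSafetyTips = $true
}
New-AntiPhishPolicy @policy

# A policy does nothing until a rule scopes it to recipients; priority 0 wins over later rules.
New-AntiPhishRule -Name "Finance anti-phish rule" `
    -AntiPhishPolicy "Finance anti-phish" `
    -RecipientDomainIs "contoso.com" `
    -Priority 0

# Verify the settings actually applied.
Get-AntiPhishPolicy -Identity "Finance anti-phish" |
    Format-List PhishThresholdLevel, EnableMailboxIntelligence, TargetedUsersToProtect, ExcludedDomains
```

Review the quarantine after a few days before tightening PhishThresholdLevel further, since the aggressive levels trade legitimate mail for catch rate.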
External Office 365 Email Protection
While ATP is a great start for keeping Office 365 secure, the fact is that Microsoft’s expertise does not lie in phishing prevention, and the company is not responsible for phishing vulnerabilities. They even acknowledge this on their website: “With Office 365, it’s your data. You own it. You control it.” Knowing this, it’s important for companies to supplement ATP with a quality, third-party anti-phishing solution.
Clearedin phishing prevention software integrates seamlessly with Office 365 security (as well as other platforms such as Gmail and Slack) to identify and eliminate phishing attacks, using message metadata to build a communications Trust Graph. This protects the company from phishing scams without having to read the content of the email or instant message, ensuring privacy for employees and clients while offering the best security possible. Our artificial intelligence (AI) platform scans for each of the following:
- Small changes in email addresses and URLs
- Changes in the frequency of emails being sent by individuals (establishing a sender baseline)
- Changes in the frequency of emails that are received by individuals (establishing a recipient baseline)
Using this information, Clearedin identifies any potential risks and automatically labels and disarms them. At the same time, it also provides information to the end users to help them understand why those communications were flagged as a potential threat. Then, the user can make an informed decision on whether or not to unlock the message.
While Microsoft’s Office 365 email protection is valuable and provides a number of security benefits, organizations should never rely solely on protection from a platform that doesn’t specialize in phishing prevention. Keep your Office 365 secure with a little help from the experts at Clearedin. To learn more about Clearedin and our phishing software, contact our team today!
Protect Your Organization From BEC Phishing Attacks
Download our guide to learn everything you need to know about BEC attacks.