Microsoft 365, which encapsulates Office 365, is incredibly popular – and one of its most commonly used components is Exchange Online and Outlook – Microsoft’s online email server and desktop and mobile email client, respectively.
When it comes to email, security is a big concern – with one particular email security topic increasingly making the headlines. We’re talking about phishing, a frustratingly effective e-mail attack that’s experienced by 86% of businesses, according to the 2020 UK Cyber Security Breaches Survey.
In this article, we will outline what a phishing attack is – and explain how Microsoft 365 and its component email services can help protect your company against phishing attacks.
What exactly is a phishing attack?
Phrases that explain cybersecurity attacks are often used quite liberally and not always with a full understanding of exactly what it means, so we’ll quickly explain exactly what a phishing attack is.
First, phishing is almost always carried out in spam-like, bulk fashion – even though highly targeted phishing does occur. In essence, phishing depends on disguise: disguising the true sender, and disguising the true destination.
Phishing is intended to fool recipients into clicking on a link or downloading a malicious attachment. Phishing comes from “fish”, and hence trying to fool recipients because the attacker is fishing and hoping that a vulnerable recipient will “bite”.
Broadly, attackers have one of two goals in mind. First, simply for the victim to download malware – be it spyware, or something else. More commonly, phishing attacks are carried out because the attack is hoping to collect sensitive information such as credit card data.
How Microsoft 365 protects you against phishing attacks
Some phishing emails are poor efforts and can be easily spotted but there are phishing emails that look very close to the real thing and humans can find it quite hard to detect these without close scrutiny.
However, the technical characteristics of these emails can be giveaways. Office 365’s Exchange Online has a number of tools for detecting these characteristics and either block emails or warning users. These tools include:
-
Anti-spam filter. Phishing efforts are often carried out in bulk, phishing is essentially a more malicious type of spam. Microsoft’s anti-spam filters use the data generated across millions of Office 365 tenants to identify known spammers and to filter out these emails. By consequence, many blunt-force phishing emails are also filtered out because these simply present as common-variety spam.
-
Anti-phishing checks. Phishing attacks have, however, become more sophisticated and can, for example, use personal details to try and impersonate a key employee in an attack. It goes beyond simple spam. Thankfully, included in Microsoft 365, the Defender tool uses machine learning to catch up to the more sophisticated phishing attacks. For example, Defender creates a map of the users that a email recipient corresponds with and then deploys tools to determine whether a recipient is real – or fake.
-
Malware and attachments. Sometimes the phishing payload is carried as an attachment – or attackers use phishing to execute malware. Microsoft’s tools use sophisticated scanning to detect the malicious payload – going as far as to “open” the code in sandbox, analysing the effects of the code to try and understand whether it hides a threat.
-
Link analysis. Phishing often relies on the user clicking a link to visit a fake yet deceptive real-looking website. Here, the attacker expects the user to give away key personal details such as a credit card number which can then be used in a further exploit. Office 365 scans links to identify dangerous destinations – and then warns users against clicking on a link that is suspicious.
In combination, the above Office 365 features can detect and mitigate most of the more common phishing attacks, delivering an essential layer of protection.
Always educate your users about phishing emails
While Office 365’s anti-phishing tools are terrific at catching many of the automated phishing attempts, the most sophisticated and targeted attempts may still get past Office 365 – and into your user’s inboxes.
User education is therefore critical – and it is not easy given how authentic some of these emails can appear. The most determined attackers may even craft unique, targeted, one-off messages to try and fool operational and senior staff.
The first step is to get your staff to care about and be aware of phishing attempts. Next, ensure that your colleagues knew the basics – for example, that a “from” address can easily be faked and that the URL behind a link should be closely scrutinized.
Also, impress on your co-workers that attacks are becoming more and more targeted and personal. Essentially, if there is any doubt the best way to verify a message is via live chat or a phone call.
Not yet migrated to Office 365? Unsure how to educate your users about the threats of phishing? Your IT support partner is there to help.