Office 365 phishing attacks are widely witnessed and very realistic, with Office 365 spam filtering controls being easily bypassed by scammers to ensure that messages reach inboxes.
Additionally, phishing forms are being hosted on webpages secured with valid Microsoft SSL certificates to fool users into believing the websites are genuine.
If a phishing email makes it past perimeter defenses and arrives in an inbox, there are usually a number of tell-tale signs that the email is not genuine.
Often there are spelling mistakes and incorrect grammar, and the messages are sent from questionable senders or domains. To boost the response rate, however, scammers are now spending much more time carefully crafting their phishing emails, and these are often virtually indistinguishable from real communications from the brand being spoofed. In style they are carbon copies of genuine emails, complete with the branding, contact details, sender details, and logos of the company being spoofed. The subject line is perfectly believable, the content is well written, and the actions the user is asked to complete are entirely plausible.
Hyperlinks in these emails take users to a website where they are asked to enter their login credentials. At this stage of the phishing attack there are usually additional signs that all is not as it seems: a browser warning may pop up to say that the website may not be genuine, the address may begin with HTTP rather than the secure HTTPS, or the SSL certificate may not be owned by the business that the website is spoofing.
Even these tell-tale signs are not always present, as many recent Office 365 phishing attacks have shown: the phishing forms are hosted on webpages that carry real Microsoft SSL certificates, or SSL certificates issued to other cloud service providers such as CloudFlare, DocuSign, or Google.
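As an added example (not code from the original post), the following defender-side triage pass applies the link checks described above to a constructed HTML email body, assuming a small allowlist of the spoofed brand's real domains: it flags plain-HTTP links, links whose hostname is outside the brand's domains, and visible link text that shows one URL while the href points elsewhere. Deliberately, a valid certificate on the landing page is not treated as a trust signal, and the eTLD+1 helper is a crude last-two-labels approximation that suffices for the sample domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body in the style of a brand-spoofing phish (not a real message).
SAMPLE_HTML = """<a href="http://office365-verify.example.net/login">https://login.microsoftonline.com</a>
<a href="https://docs.example.org/sign">Review document</a>
<a href="https://login.microsoftonline.com/">Sign in</a>"""

# Assumed allowlist: registrable domains the spoofed brand really uses.
BRAND_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com", "live.com"}

class LinkExtractor(HTMLParser):
    # Collects (href, visible text) pairs from <a> tags.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    parts = host.lower().split(".")  # crude eTLD+1 (last two labels), enough here
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def assess_link(href, text, brand_domains=BRAND_DOMAINS):
    """Return the tell-tale signs found for one link; an empty list means none."""
    findings, url = [], urlparse(href)
    host = url.hostname or ""
    if url.scheme != "https":
        findings.append("plain http link")
    # A valid certificate for `host` (Microsoft's, CloudFlare's, anyone's) proves nothing about the brand.
    if registrable(host) not in brand_domains:
        findings.append("host not a brand domain")
    shown = re.match(r"https?://([^/\s]+)", text)  # visible text that looks like a URL
    if shown and registrable(shown.group(1)) != registrable(host):
        findings.append("visible URL differs from href")
    return findings

def triage(html):
    parser = LinkExtractor()
    parser.feed(html)
    return {href: assess_link(href, text) for href, text in parser.links}
```

Running `triage(SAMPLE_HTML)` flags the first two links and passes the third, which is the one that actually points at a brand domain.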
Office 365 users are being targeted by scammers because they know Office 365 phishing controls can easily be bypassed. Even with Microsoft’s Advanced Threat Protection for Office 365, phishing emails are still delivered. A 2017 study by SE Labs showed that even with this additional anti-phishing control, Office 365 anti-phishing measures were rated only in the low-middle of the market for the security offered. With only the basic Exchange Online Protection, the protection was worse still.
Whether you operate an SMB or a large enterprise, you are likely to be sent high volumes of spam and phishing emails, and many of these messages will be delivered to end users’ inboxes. Since the emails can be virtually impossible for end users to identify as dangerous, it is probable that all but the most experienced, well-trained, security-conscious workers will be tricked. What is therefore needed is an advanced third-party spam filtering solution that works in tandem with Office 365 spam filtering controls to provide far greater security.
While Office 365 will block spam and phishing emails (Osterman Research proved it blocks 100% of known malware), it has been shown to lack performance against advanced phishing threats such as spear phishing.
Office 365 does not have the same range of predictive technology as dedicated on-premises and cloud-based email security gateways, which are much better at detecting zero-day attacks, new malware, and advanced spear phishing attacks.
To enhance protection, you need a dedicated third-party spam filtering solution for Office 365 such as SpamTitan. SpamTitan focuses on defense in depth and provides better protection against advanced phishing attacks, new malware, and complex email attacks, ensuring malicious messages are blocked or quarantined instead of being delivered to end users’ inboxes. Some of the additional security measures SpamTitan provides against Office 365 phishing attacks are detailed in the image below:
To learn more about making Office 365 safer and how SpamTitan can benefit your company, get in touch with TitanHQ.