Office 365 phishing attacks are widely witnessed, very realistic, and Office 365 spam filtering controls are easily being got around by cybercriminals to ensure messages land in inboxes. Further, phishing forms are being hosted on webpages that are secured with valid Microsoft SLL certificates to trick users into believing that the websites are real.
Should a phishing email get past perimeter defenses and arriving in an inbox, there are many giveaway signs that the email is not genuine.
There are often spelling errors, bad grammar, and the messages are sent from suspicious senders or domains. To improve the response rate, cybercriminals are now spending much more time carefully creating their phishing emails and they are often virtually indistinguishable from real communications from the brand they are spoofing. Formatting wish, they are carbon copies of real emails complete with the branding, contact information, sender details, and logos of the business being spoofed. The subject is perfectly realistic and the content well composed. The actions the user is asked to take are perfectly plausible.
Hyperlinks are included in emails that direct users to a website where they are asked to enter their login credentials. At this stage of the phishing attack there are usually more indications that all is not as it seems. A warning may flash up that the website may not be authentic, the website may begin with HTTP rather than the secure HTTPS, or the SSL certificate may not be owned by the company that the website is spoofing.
Even these tell-tale signs are not always on display, as has been shown is many recent Office 365 phishing attacks, which have the phishing forms hosted on webpages that have current Microsoft SSL certificates or SSL certificates that have been issued to other cloud service providers such as CloudFlare, DocuSign, or Google.
To greatly enhance your security measures you will require a dedicated third-party spam filtering solution for Office 365 such as SpamTitan. SpamTitan focuses on defense in depth, and supplies superior protection against advanced phishing attacks, new malware, and complex email attacks to ensure malicious messages are restricted or quarantined rather than being sent to end users’ inboxes. Some of the additional security measures supplied by SpamTitan against Office 365 phishing attacks are detailed in the image here:
To find out more about making Office 365 more secure and how SpamTitan can benefit your company, contact TitanHQ. Our highly experienced sales consultants will be able to advise you on the full range of benefits of SpamTitan, the best deployment option, and can offer you a free trial to allow you to personally evaluate the solution before committing to a purchase.