Protecting Against Phishing Attacks in Office 365
Sorry to start on an alarmist note, but here are the facts: 3.4 billion phishing emails and phishing attacks are predicted to compromise 33 million data records in 2023 alone.
By definition, phishing is an online social engineering attack in which the attacker tries to deceive a user into divulging personal information or downloading malware. It is estimated that 36% of all security breaches start with a phishing attack.
With this in mind, it is no surprise that Office 365 admins need to make sure their organizations are well protected against phishing attacks. This article is therefore a detailed look at the best practices that keep your Office 365 tenant well protected.
Let’s start by first learning about the types of phishing attacks.
Types of phishing attacks
1. Email Phishing
2. Spear Phishing
3. Whaling Attacks
Whaling emails often use the trick that a CEO who is very busy needs a favour from an employee. These emails are not as sophisticated as spear phishing emails. They are effective, though, because they take advantage of employees’ proclivity to follow directions from their boss.
4. Vishing and Smishing
These types of attacks use the telephone. Smishing involves cybercriminals sending bogus text messages to victims, whereas vishing involves a phone call with the victim. Text messages purporting to be from your bank and warning you of suspicious activity are a common smishing pretext.
Other types of phishing attacks include:
- Angler phishing.
- HTTPS phishing.
- Pop up phishing.
- Clone phishing.
- Watering hole phishing.
EOP and Defender for Office 365 anti-phishing Protection
Microsoft has recognized phishing as a potent cyberthreat and implemented stringent safeguards for Office 365 users. It has developed two solutions to address this threat: Exchange Online Protection (EOP) and Microsoft Defender for Office 365.
By using these, together with the other best practices recommended by cyber security experts, you can protect your systems from phishing attacks.
Anti-phishing protection in EOP
As part of EOP’s anti-phishing policies, you can enable or disable spoof intelligence, show or hide Outlook’s unauthenticated sender indicators, and set the action taken on blocked spoofed senders.
Tenant Allow/Block List
The Tenant Allow/Block List also lets you manually create allow or block entries for spoofed senders before spoof intelligence detects them.
Automatic Email Verification
Additional Defender anti-phishing Protection
Microsoft Defender for Office 365 anti-phishing Policies
In Microsoft Defender for Office 365, impersonation protection settings are configured for specific message senders and sender domains.
This is in addition to mailbox intelligence settings and customizable advanced phishing thresholds. Let’s have a quick overview of them.
Attack Simulation Practices
Best Practices to keep phishing attacks at bay
Fix Compromised Accounts
If your organization is the victim of a phishing attack, it is vital to first deal with the recipient account that was compromised and to block any further phishing messages. This contains the threat, so you must follow the right procedures to stop the attack.
Notify Microsoft of the Phishing Attack
Use Microsoft Secure Score
Run Secure Score on a monthly basis to evaluate your organization’s security settings. A higher Microsoft Secure Score indicates that more of Microsoft’s security recommendations have been adopted, so the higher your score, the better hardened your systems are.
Examine the Message Headers
The headers of a phishing message often reveal which of your organization’s settings let the message through.
In particular, it is important to check the Spam Filtering Verdict (SFV) value in the X-Forefront-Antispam-Report header field in message headers for indications of skipped filtering for spam or phishing.
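As an added illustration (not code from the original article), the snippet below parses the X-Forefront-Antispam-Report header of a constructed sample message and flags the SFV values that Microsoft documents as "filtering was skipped or overridden", which is exactly what an admin looks for when a phish reached an inbox. The sample message, addresses and IP are made up; the SFV meanings follow Microsoft's published header field descriptions.

```python
import email
from email import policy

# Constructed sample message for illustration only (not a real capture). The
# X-Forefront-Antispam-Report header is the one EOP stamps on each message.
SAMPLE_MESSAGE = """\
From: "Accounts Payable" <ap@vendor.example.com>
To: user@contoso.com
Subject: Invoice overdue
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:SKN;H:mail.vendor.example.com;PTR:;CAT:NONE;SFS:(13230016);DIR:INB;
X-MS-Exchange-Organization-SCL: 1

Please see the attached invoice.
"""

# SFV values that mean the spam/phish verdict was skipped or overridden, and why.
SKIPPED = {
    "SKA": "sender is on the allowed senders/domains list of an anti-spam policy",
    "SKI": "filtering skipped for another reason (for example intra-organization mail)",
    "SKN": "marked as not spam before filtering (for example by a mail flow rule)",
    "SKQ": "message was released from quarantine",
    "SKS": "marked as spam before filtering (for example by a mail flow rule)",
    "SFE": "sender is on the recipient's Outlook Safe Senders list",
}

def parse_report(header_value: str) -> dict:
    """Split 'KEY:VALUE;KEY:VALUE;...' into a dict (empty values are kept)."""
    fields = {}
    for part in header_value.split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields

def report_from_message(raw_message: str) -> dict:
    """Extract and parse the antispam report header from a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return parse_report(str(msg.get("X-Forefront-Antispam-Report", "")))

def skipped_filtering(report: dict):
    """Return (SFV, reason) when the verdict shows filtering was overridden, else None."""
    sfv = report.get("SFV", "")
    return (sfv, SKIPPED[sfv]) if sfv in SKIPPED else None

def triage(raw_message: str) -> str:
    """One-line summary an admin can paste into an incident note."""
    report = report_from_message(raw_message)
    hit = skipped_filtering(report)
    cat, scl = report.get("CAT"), report.get("SCL")
    if hit:
        return f"SFV:{hit[0]} - filtering skipped: {hit[1]} (CAT={cat}, SCL={scl})"
    return f"SFV:{report.get('SFV', '?')} - filtered normally (CAT={cat}, SCL={scl})"

if __name__ == "__main__":
    print(triage(SAMPLE_MESSAGE))
```

An SFV of SKN or SKA on a message that turned out to be phishing points you straight at the mail flow rule or allow-list entry that needs reviewing.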
Turn on Spoof Intelligence
In Microsoft Defender for Office 365, a spoofed sender is a message whose From address doesn’t match the source the message was actually sent from.
Periodically review allowed and blocked spoof senders and make custom configurations to the spoof intelligence settings.
Check the Threat Protection Status Report on a regular basis
The Threat protection status report is a consolidated view of malicious content and malicious email detected and blocked by Exchange Online Protection (EOP) and Microsoft Defender for Office 365.
The report includes email messages with malicious content, such as files or URLs, blocked by the anti-malware engine, zero-hour auto purge (ZAP), and Defender for Office 365. It identifies trends and assembles data you can use to decide whether your organizational policies need to be adjusted.
Deliver domain email directly to Microsoft 365 whenever possible
Simply put, set your MX record for your domain to point to Microsoft 365. This is because when email is sent directly to Microsoft 365, Exchange Online Protection (EOP) offers the highest level of security for your cloud users. Use Enhanced Filtering for Connectors in front of EOP if you have to employ a third-party email hygiene solution.
Employ Multi-factor Authentication
Periodically review mailbox Forwarding Rules
Configure the SPF, DKIM, and DMARC in DNS Records
Fully configuring SPF, DKIM, and DMARC records in DNS for all of your email domains is the best way to deal with legitimate messages from senders in your own domain that Microsoft 365 blocks (false positives).
To do so:
- Make sure your SPF record specifies all known senders from your domain, including any third-party services.
- If your email server is set up to reject messages from unknown senders, use the hard fail (-all) option. To add permitted third-party senders to your SPF record, use spoof intelligence to identify authorized senders for your domain. Doing this stops the phishing weakness that arises when users accidentally let phishing through by putting their own domains in the anti-spam policy’s Allow sender or Allow domain list to let legitimate emails that were blocked get through.
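As an added example (not from the original article), this small checker parses an SPF TXT record the way the steps above describe: it reports whether the record ends in the hard-fail -all qualifier, whether any sender mechanisms are listed at all, and whether the record exceeds the 10 DNS-lookup limit of RFC 7208 that makes SPF evaluate to permerror. The two records are constructed for illustration; the Microsoft include (spf.protection.outlook.com) is the real one Microsoft 365 publishes, the CRM vendor include is made up.

```python
import re

# Constructed SPF records for illustration (not real DNS answers). The second
# one lists a third-party sender and ends with the hard-fail qualifier.
SPF_SOFT = "v=spf1 ip4:203.0.113.0/24 include:spf.protection.outlook.com ~all"
SPF_HARD = ("v=spf1 ip4:203.0.113.0/24 include:spf.protection.outlook.com "
            "include:_spf.crm-vendor.example.com -all")

QUALIFIERS = {"+": "pass", "-": "fail (hard fail)", "~": "softfail", "?": "neutral"}
# Terms that each consume one of the 10 DNS lookups RFC 7208 allows per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SENDER_TERMS = {"ip4", "ip6", "include", "a", "mx"}

def parse_spf(record: str) -> dict:
    """Parse a TXT record into its terms, the 'all' qualifier and lookup count."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed, all_qualifier, lookups = [], None, 0
    for term in terms[1:]:
        qualifier = "+"                      # implicit qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in LOOKUP_TERMS:
            lookups += 1
        parsed.append((qualifier, name, term))
    return {"terms": parsed, "all": all_qualifier, "dns_lookups": lookups}

def spf_findings(record: str) -> list:
    """Return human-readable problems with the record (empty list means OK)."""
    info = parse_spf(record)
    findings = []
    if info["all"] != "-":
        findings.append(f"'all' qualifier is {QUALIFIERS.get(info['all'], 'missing')}; "
                        "use -all so mail from unlisted senders is rejected")
    if info["dns_lookups"] > 10:
        findings.append(f"{info['dns_lookups']} DNS lookups exceed the limit of 10; "
                        "the record will evaluate to permerror")
    if not any(name in SENDER_TERMS for _, name, _ in info["terms"]):
        findings.append("no sender mechanisms listed; every legitimate source will fail")
    return findings

if __name__ == "__main__":
    for rec in (SPF_SOFT, SPF_HARD):
        print(rec, "->", spf_findings(rec) or "OK")
```

Run it against the record you actually publish (for example the output of a TXT lookup on your domain) after every change to your third-party senders.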
Protecting Against Phishing Attacks in Office 365 Conclusion
Unfortunately, phishing is still a common and often disastrous type of cyber attack. According to a Proofpoint study, 60% of firms lose data as a result of a successful phishing assault, while 52% have their passwords or accounts compromised.
Therefore, it is vital to take precautions to secure your Office 365 to safeguard against costly attacks that are detrimental to your organisation. That way, you will be ready for any phishing attacks that may come your way in 2023.