Office 365 Phishing Protection: What You Should Know

Find out what Office 365 phishing scams are out there and how to protect yourself.

With over 60 million commercial users, Office 365 is one of the most widely used office suite packages in the world, so your business is likely one of the 60 million users.

Although Windows is a trusted brand name, its software is still susceptible to hackers because its usage is so widespread. Here are some key things you should know about Office 365 phishing protection so you have a fighting chance against cybercriminals.

Office 365 phishing

Office 365 phishing is prevalent because the more users there are, the higher the chances of success.

Scammers know it’s an essential suite used frequently in workplaces, so any phishing attempts can have the payoff of obtaining company secrets.

This type of phishing can be harder to discern, as cybercriminals use sophisticated ways to dupe the email receivers into handing over their credentials. But if you know what some of these scams look like, it can be easier to heighten security at your business.

phishing protection

Office 365 phishing email examples

Here are a few Office 365 phishing email examples you and your coworkers should look out for:

 

  • PhishPoint: This scam circumvents all normal built-in phishing defenses in Office 365. It uses a legitimate file to get through, and the malicious link is contained within collaboration tools like SharePoint.
  • Non-delivery emails: You’ll receive fake non-delivery emails that have malware in their “send again” link. Since you send emails frequently, it’s hard to differentiate between fake and real non-delivery emails.
  • Storage limitation alerts: You’ll get an email warning you that you’re reaching your storage limit for Office 365. It’ll then require you to log into your account to activate “Quota” to fix the problem.
  • Reactivation requests: An email asking you to reactivate your account will contain a link to a fake login page. After you “log in,” the cybercriminals will have account details. They can then use those credentials to aid in future attacks.

 

Office 365 phishing email: 2018 and beyond

Cybersecurity firm AppRiver saw over 100 million phishing emails sent to Office 365 users in 2017. Seeing as cybercriminals aren’t going to relent on their efforts, you can extrapolate those numbers to 2018 and beyond.

 

As these attacks become more frequent and better disguised, your organization needs to ramp up its security measures to keep them out as best as possible.

 

Office 365 Advanced Threat Protection

Office 365 Advanced Threat Protection (ATP) is a native security solution. Anti-phishing protection is offered as part of its services.

 

It works by scanning all incoming email for malware, malicious links and spoofing. If it identifies anything as a phishing attempt, ATP can then block the email from reaching your inbox in the first place.

 

» 

How to enable Office 365 phishing protection

You’ll be pleased to know that you don’t have to enable Office 365 phishing protection. As long as you’ve added Office 365 ATP to your subscription, the phishing protection will automatically work for your Office programs.

Office 365 ATP comes with the flexibility to change policies according to what your organization’s needs are.

 

» 

Office 365 anti-phishing policy options

In Office 365 ATP, your global or security administrator can set up anti-phishing policy options so you can get more comprehensive protection. Your options include:

 

  • Which users and domains you want to protect
  • Which senders and domains you want to trust
  • The actions you want to take against phishing attempts (quarantine, redirect, move to the junk folder, deliver, no action, or add anti-phishing tips)
  • Whether or not you want mailbox intelligence on
  • Advanced phishing thresholds

 

» 

Advanced phishing thresholds

This feature of Office 365 ATP is very important because it sets the actions you want to take on phishing emails. Using the standard threshold means any suspicious emails are handled in a moderate way. You also have the choice for higher thresholds of aggressive, more aggressive, and most aggressive.

 

The most aggressive setting may not always be the best choice for you since there’s a higher chance of your important emails being flagged as malicious. You may have to experiment with the settings to get the best results for your organization.

 

Office 365 ATP: anti-phishing basics

block anti-phishing attempts. But often, it’s not enough. Although ATP offers decent protection, Microsoft’s expertise isn’t in anti-phishing, which means their efforts may fall short.

 

So, in addition to enabling Office 365 ATP, you should also get anti-phishing software. Because niche experts make it, you’re guaranteed to get added protection that’ll catch anything that has evaded ATP. With various pieces of software in place, your organization will have full office 365 advanced threat protection. You’ll get peace of mind knowing you’re safeguarding your sensitive information as best as you can.