O365 Phishing Attack: Why Your Organization Needs To Pay Attention To What Microsoft Has To Say

As per a 2019 Verizon Report, 94% of malware in all cybercrimes gets delivered via email. Thus, using emails to spread malware is a common cyber-attack strategy. Phishing emails aim to steal sensitive user information under the pretense of seeking identity verification, subscription confirmation, payment, etc. Phishing emails are used to launch various attacks, but the most common ones are BEC scams, spear phishing, whaling, and ransomware attacks.

According to a study by Sophos, 58% of all emails exchanged globally are spam emails and 77% of them contain a malicious file.

Office 365 is a popular office suite software from Microsoft used extensively by millions of global enterprises and institutions. Over 731k organizations in the United States alone use the applications provided by O365, which include Word, Outlook, Excel, OneDrive, OneNote, PowerPoint, SharePoint, and Microsoft Teams. With the increased dependency on these applications comes the added risk of phishing attacks. The ever-evolving phishing schemes that target organizations today demand the installation of effective anti-phishing measures.

Recent O365 Phishing Attack

In the latest posts from August 2021, Microsoft asks its Office 365 users to look out for phishing emails with spoofed email addresses. It is a recent phishing trick where the adversaries use a legitimate-looking email, SharePoint site, and original sender email addresses with spoofed display sender addresses. These addresses have the target usernames and domains and impersonate the display names of legitimate services to evade email filters.

In such an attack scheme, the malicious actors use variations of the word referral in the original sender address along with top-level domains such as domain ‘.com.’ These phishing emails look like ones asking users to join a secure SharePoint site. Unsuspecting users who see SharePoint in the display name believe it to be a site for bonuses and click on it out of curiosity. Doing so leads them to a phishing page without their knowledge which steals their credentials, installs malware, and opens the gateway to various cybercrimes.

Such phishing email examples have been reported in the recent past, and therefore, users must pay attention to the recommendations of Microsoft.

What Does Microsoft Recommend?

Since phishing attacks targeting Office 365 users are on the rise, Microsoft recommends organizations adopt the following email phishing protection measures:

Using Hyper-V Virtualization Technology: Microsoft advises organizations to use the Microsoft Edge and Windows Defender Application Guard to protect from targeted attacks. These applications use Microsoft’s Hyper-V virtualization technology renowned for blocking suspicious websites from accessing a user’s network.
Exchange Online Protection: Another anti-malware solution extended by Microsoft is Exchange Online Protection (EOP). EOP provides enterprise-class reliability and protection from malware and spam along with uninterrupted access to email in case of emergencies. EOP comes with additional security features, such as controlling bulk mail, spam filtering, international spam detection, etc.
Enabling Multi-Factor Authentication (MFA): MFA is yet another security practice Microsoft recommends. Organizations using Office 365 must constantly keep employees updated about phishing campaigns and adopt safe cyber practices such as MFA. It requires infiltrators to have authentication from more than one device.
Using MS Defender: Further, O365 users must use the Microsoft Defender for Office 365 to protect their files, emails, and data stored online from malware. Microsoft Defender for Office 365 provides anti-phishing protection for Word, PowerPoint, Excel, Teams, SharePoint Online, Visio, and OneDrive.

How To Deal With Phishing Emails?

Microsoft also provides suggestions for O365 users to apply when they have come across a phishing email or have landed on a suspicious website. Here are the best phishing protection measures to deal with phishing emails:

Immediately contact the IT admin on encountering a phishing email on the work computer and change all passwords linked to that account and device.
In case of financial fraud, contact the bank or Credit Card provider and ask them to block further transactions from the particular account.
Report suspicious emails under the junk or phishing category on Outlook.com and drag and drop (don’t copy or forward) the email into a new email, and send it to these two addresses: junk@office365.microsoft.com and phish@office365.microsoft.com
While on a suspicious website on Microsoft Edge, go to the More icon (…), select Help, followed by Feedback, and then click on Report Unsafe Site.

How To Stop Phishing Emails?

Though Microsoft Office 365 provides some robust anti-phishing solutions for its users, relying on those features alone is insufficient to handle the enormous number of daily attacks any organization can get exposed to. Therefore, one must also discuss other effective anti-phishing measures that help figure out how to stop phishing emails. These include:

The obvious signs of phishing emails are grammatical errors, minor differences in logos, spelling errors, and seemingly genuine domain names with slight variations. If any of these are noticed in an email, it should ring a bell, and one must act with caution. However, as attackers come up with innovative attack schemes, these errors have been reduced. These days, fake emails and spoofed sites look indistinguishably similar to legitimate emails or websites.
Avoiding certain habits such as using personal devices for official purposes, the same password for multiple accounts, easy-to-guess or straightforward passwords, not updating patches, etc., helps ensure safer cyberspace.
While the entire discussion has been about phishing emails targeting users of the O365 platform, one must also watch out for phishing emails impersonating Microsoft itself. Over 200 million Microsoft Office 365 users were tricked in a large-scale phishing campaign last year. The adversaries pretended to be Microsoft Outlook and sent fake security alert emails to users. Times are such that one must read every email with a significant amount of suspicion.

Final Words

Gone are the days when one followed the rule, ‘innocent until proven guilty.’ Today’s era demands an approach where every online activity is viewed as ‘guilty until proven innocent.’ Therefore, adopting the anti-phishing and anti-ransomware solutions recommended by Microsoft and incorporating a robust external anti-phishing product ensures more excellent protection against the sophisticated phishing attacks that Office 365 users face today.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.