Let’s See What Microsoft Office 365’s New Phishing Protection Add-ons Are

Welcome News From Microsoft

According to Microsoft, they have the security features on its Office 365 to thank for foiling more than 5 billion phishing attacks in 2018. The high success figure is a commendable achievement that has motivated them to carry forward their fight against malicious attackers. The leading global software vendor is now taking steps to keep subscribers of Office 365 even more secure.

Microsoft’s Advanced Threat Protection has been safeguarding the interests of its users since forever, and these add-ons to its safety manual will undoubtedly make it very challenging for adversaries to make it to the inboxes of the targeted people or organizations. 

What Is The New Strategy?

While the ceaseless attempts of hackers and attackers continue, Microsoft Office 365 takes measures to provide better security to its subscribers from these ever-increasing attacks from adversaries. Microsoft has come up with a new set of protections to enhance its Office 365 Advanced Threat Protection to improve further the safety of users from spoofing and impersonation emails.

The new anti-phishing add-ons will include a phishing attack simulator for training of employees and end-users and for a real-time assessment of vulnerability, content evaluation and detonation with multiple platform capability, ability to detect bait texts in email contents, and better identification and blocking of spoofing and impersonations.

However, since these safety tactics and technologies are sophisticated, they require the administrators to be well researched and trained on the same before they can start the advanced war against phishing and other cyber attacks by adversaries.

Prerequisites For Effective Results

Anti-Phishing software or solutions such as Microsoft Office 365 is the most critical component of the anti-Phishing strategy of an organization.

Anti-Phishing solutions ensure that employees of an enterprise are not trapped by phishing attacks by clicking on a link or downloading infected attachments (e.g., .doc, .xls, .pdf files, etc.). The programs like Microsoft Office 365 check for the legitimacy of the sender of emails (for example, by checking for header info and other relevant details). Based on multiple signatures and other properties of email, it is capable of identifying phishing websites and monitoring your website’s traffic but still has some prerequisites to be met to utilize its capabilities thoroughly.

• Advanced technology that demands sufficient knowledge of its working on the part of administrators to minimize faulty implementations and misconfiguration.
• This new protection strategy requires an enterprise’s IT staff to be perennially aware of the latest technologies adopted by adversaries to guard against them with an even more effective and indomitable countermeasure.
• Full-fledged scrutiny and examination of Microsoft’s latest integrated services by the people who are already engaged in rendering protection to platforms like Exchange online or Office 365 is imperative before bringing it to practical use.

What Exactly Happens?

The new set of safety add-ons to the existing 365 Office Advanced Threat Protection for protection against phishing includes the following features:

• The power to locate phishing emails: This new strategy gives administrators the capability to identify and block emails with malicious links from reaching their target audience, that is, the end-users of Office 365. This early identification will save a lot of people from falling prey to the fraudulent emails that impersonate renowned persons and organizations. The impersonators send emails with links to fake websites that ask for sensitive information such as credit card details, or that require you to make an immediate payment for some seemingly critical service or event.
• Malicious content detection: Microsoft’s Advanced Threat Protection is used to scan and filter emails before delivering them to the end receiver. This feature saved the user’s or organization’s systems from the unnecessary headache of having to deal with spam emails. But the new features now added by the Office 365 protection strategy not only stop phishing emails from reaching the users but also ensure the detection of text lures that prompt the users to click on malicious links.
• Spam detection across several platforms: Those driven by ulterior motives are never content with just one evil deed. Modern-day cyber criminals are no exception. They give shape to their malicious intentions in all platforms of networking and content sharing. This practice is evident even in platforms like OneDrive and SharePoint, where these scammers share malicious files with hijacked credentials. Oblivious to this method, a high number of users believe the content to be completely safe as it’s a part of their intranet, and there is no visible possibility of a scam. The new Office 365 protection strategy ensures security from these threats with help via its file detonation feature in OneDrive and SharePoint.
• Test phishing emails: The old saying that prevention is better than cure still holds and is the basic principle behind one of the security add-ons to Office 365. Similar to simulation products like KnowB4 that sends test phishing emails and identifies a vulnerability in the user’s network, Microsoft developed a test that can assess the phishing vulnerability of its users. Via this test, Microsoft administrators can launch fake phishing attacks on their users (and obviously, the users would be least aware of it). By figuring out which of their users fall prey to it, specialized training is conducted for those users to enable them to differentiate between genuine and fraud emails. If installed, this feature promises to make administrators aware of the kind and intensity of protection that their end-users require.

While these new features are a boon, insufficient knowledge of their application on the part of the users can do more harm than good as they might accidentally block even those sensitive emails which are meant to be shared internally. It is advisable that administrators of the application and network security have adequate training to have an in-depth understanding of the different features of Microsoft Office 365 and their implications.