Phishing attacks prove to be effective despite how hard a company tries to protect its employees and customers. Researchers warned about a new sort of phishing scam that is used to bypass the Advanced Threat Protection system used by email services including office 365.
Microsoft office is an all in one solution that offers different online services including Exchange Online, SharePoint Online, Lync Online as well as Web Apps with Word, Excel, PowerPoint, Outlook and One Note.
Microsoft also offers an AI and machine learning which is powered by security protection. It helps to defend against potential phishing and other threats as it goes levels deep to scan links in email bodies and look for blacklisted or suspicious domains.
Phishers do find a way to bypass office 365 protection to steal user information. They either trick others into giving away their information or split malicious URL to replace secure links and redirect the user to a phishing website.
How Do Such Attacks work?
Microsoft keeps addressing such issues but now and then phishers come up with a new trick to bypass their security protocols. This even includes inserting malicious links into documents. Yes, users might receive an email which contains a link to a phishing website. The body o these emails look standard to any online invitation from someone who wants to collaborate. Once the user clickers the hyperlink in an email, the browser will open the SharePoint file.
The content of such email impersonates standard access request to OneDrive file, but the Access button is the laced with phishing URL. This link redirects you to a fake login page, bypassing office 365 email protection. Once there, the attacker will ask you to provide your login details, which is later harvested for their gain.
Microsoft scans the body of every email, especially the links. However, most campaigns lead to SharePoint document, so companies don’t consider them an issue. Therefore, the out of box protection measures introduced by Microsoft are insufficient.
To protect yourself, you had to take precaution and earn about these attacks. There are several online resources you can refer to. For instance, you can learn about advanced threat detection and how to avoid falling victim to such attack with Microsoft’s Office 365 Advanced threat detection guide.
Go through every word of the extensive guide provided by Microsoft and learn how to deal with such attacks.
In case the guide isn’t good enough for you, you can always use a third-party security solution. Yes, you can install an Office 365 Phishing Protection module in your account to keep yourself safe from these attacks.
There are several tools available in the market that helps you stay safe from such attacks. If you don’t know where to look, you can always install Mcaffee Office 365. This will keep you safe against every sort of phishing attack and assures your data doesn’t fall into the wrong hands.
So, red out every email carefully and check the sender’s name and address. Before you click a link, check it out first.