Phishing attacks are prevalent regardless of the email service your company uses. The potential for attack is equal across all email services. This article however is directed toward companies that currently use Office 365.
Phishing attacks in Office 365 are increasingly on the rise and many businesses may be vulnerable to them. It can be simple as an email being sent to you disguised as your manager or company executive containing a link to view a document. Such link requests login information and soon after the unwary victim has passed on their credentials to some unknown source. From that point maliciousness can be rampant and the entire company could be compromised.
How to detect a Phishing Attack
With the potential to cause untold damage, how can such attacks be prevented? It is true, a Phishing attack in Office 365 can catch any person off guard, especially as these attacks are becoming increasingly elaborate with ever new ways of compromising a company’s network. Therefore, it is important to be informed on ways to detect phishing attacks in Office 365 so that your company is secure.
1. Check email headers
Never simply trust the display name of the sender in an email. One way to detect if an email is a phishing attack is to check the email header. Who is the sender? If you click the senders name to view the actual email address, does it match? Does it contain strange characters? You can also view the properties of an email, to view the email header information. Check the email address in the header from field—if it looks suspicious, reject the email.
2. Review any Suspicious attachment or link
Another way to detect if an email could be a potential phishing attack is to check the attachment or link details in the email. If you hover over the link that was sent to you and the hyperlink address does not look familiar, do not click on it! Review any attachment that has been sent to you that you are not familiar with and do not open it. Forward all suspicious emails to your company’s IT Dept or Managed service provider right away so that appropriate action can be determined. The goal of a phishing attacker is to catch you off guard in attempt to capture your login username and password.
3. Check for Poorly written Content
Emails that are poorly written could potentially be a clue to a possible phishing attack. Most companies & brands spend additional time to edit and proofread their work before sending it. Huge grammatical errors and numerous misspelled words may be an indication that the focus of the email is not what it appears.
4. Beware of Unnecessary Urgency
False urgency is another tactic used by Phishing attackers. It could be an email appearing to come from your bank, the IRS, your manager, or your IT department with an urgent requirement for you to login to your Office 365 account and perform some task. Other tactics involve threats that your account will be disabled, or some other adverse effect will take place if you do not login immediately. The intention is to send something to startle the reader as to overlook checking suspicious indicators of possible phishing.
5. Review the Salutation
Phishing attacks frequently are sent without being addressed to a specific person. The salutation may say Dear customer, or Dear User, or not have a salutation at all. Most companies or brands who send informational email usually address it to the specific person they are trying to reach.
How to prevent a Phishing Attack
It is important for a company to understand how to prevent phishing attacks so that they can be less vulnerable to them in the future. Multiple defenses may need to be applied in order to achieve the optimal level of protection. Here are a few suggestions:
• Enable DMARC, DKIM, and SPF
These technologies involve setting up certain DNS records to assist with email authentication and make it more difficult for hackers to spoof an email address.
- DKIM allows the receiver to check if an email claimed to have come from a specific domain was indeed authorized by the owner of that domain
- DMARC is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.
- SPF Sender Policy Framework is an email authentication method designed to detect forged sender addresses in emails
Check with your IT department or Managed Service Provider, to see if these protocols have been implemented for your domain.
• Enable Multi Factor Authentication (MFA) on Office 365
Multifactor Authentication forces a user to use another method to prove one identity at login. The other factor of authentication could be simply entering a code from a text message or validating identity by a finger print or Iris scan. This prevent any potential attacker from being able to use stolen credentials should a breach be attempted. Many organizations use Microsoft Azure Conditional Access to force users to use MFA when they are not in the office.
• Consider Using Office 365 Advance Threat Protection
Office 365 Advance Threat Protection (ATP) is an add-on service from Microsoft that protects customers from unknown email threats in real-time by using intelligent systems that inspect attachments and links for malicious content. These automated systems include a robust detonation platform, heuristics, and machine learning models. ATP provides a comprehensive level of protection to stop Phishing and many other types of attacks.
How CloudFirst Technology Solutions can help
As a leading technology innovation managed service provider and Microsoft Gold Partner, we deliver high quality IT business solutions for your Microsoft cloud implementation as well as maintain the IT workflow of your business. We keep up to date with the latest features of Office 365 that can benefit you, as we lead with real world best practices that keep your IT infrastructure innovative and secure. We are your partner! Contact us for assistance in setting up added protection against Phishing attacks.