How does Microsoft 365 prevent phishing?
Phishing remains one of the top cyberthreats to businesses today. Because of this, Microsoft invests a lot of time into securing its email service.
Among the many business solutions that Microsoft offers is email hosting through Outlook. This service is protected by Microsoft Defender for Office 365. Defender has many key features:
The most dangerous types of phishing scams masquerade as emails from a party the victims know, such as their boss, colleague, business partner, or bank. A phisher may use crafty impersonation tactics, such as referring to the victims by their nickname, making it harder to immediately identify the scam as fraud. A cybercriminal may even take over actual email accounts and use these to completely fool their victims.
Using machine learning, Defender creates a contact graph of contacts that users normally exchange communications with. It then employs an array of tools, including standard anti-malware solutions, to differentiate good from suspicious behaviors.
Generalized phishing campaigns utilize spam emails, which are sent to a large list of email addresses, to catch random victims. Stopping spam is, therefore, a great start to protecting your company from a phishing attack.
Microsoft 365’s anti-spam technology addresses the issue by examining both an email’s source and its contents. If an email is determined to have come from an untrustworthy source or has suspicious contents, then it is automatically routed to your spam folder. What’s more, this feature checks the activity of people in your company to ensure that none of them sends out spam emails.
Malware, such as ransomware and spyware, can spread via phishing emails. Ransomware locks data and programs from users until a ransom is paid. Spyware, on the other hand, steals data by recording keystrokes, copying clipboards, and taking screenshots, among other methods.
Microsoft 365 employs a multilayered defense against both known and unknown types of malware. This covers the different stages of email transmission, including filtering potentially harmful attachment formats, and real-time threat response. Microsoft also regularly deploys malware definitions to keep its defenses updated.
4. Safe Attachments
Some phishing emails contain file attachments that infect your computer with malware. Any email attachment should be handled with caution, but it’s not uncommon for some users to accidentally click on one, especially as they rush through the messages in their inbox.
Defender resolves this issue by opening all attachments in a sandbox first. This sandbox is an isolated environment, so even if the attachment contains malware, it would not affect your system. While in the sandbox, the attachment is meticulously scanned. If it’s clean, Microsoft 365 will allow you to open it as normal. If it contains a threat, the service will notify you of the issue. Microsoft uses some of the information collected by Safe Attachments to further improve the feature’s capabilities.
5. Safe Links
Instead of attachments, some phishing emails contain URLs that lead to websites — often spoofed versions of legitimate websites — that require victims to provide their personal information such as their account credentials. Some of these URLs lead to download pages that infect your computer with malware.
In a process called URL detonation, the Safe Links feature protects users by scanning the links in their emails and checking for malicious behavior, such as the transmission of malware. If the link leads to a malicious website, Defender will warn users not to visit it. Otherwise, users can proceed to click and go to the destination URL without a hitch. But even so, the service will rescan the link in the succeeding days and report any suspicious changes.
What’s great about Safe Links is that it doesn’t just scan links from unfamiliar sources. It also scans links in emails from people within your company and works on files uploaded to Microsoft Teams and SharePoint.
6. User Submissions
Microsoft 365 allows you to set a specific mailbox to send emails you deem a threat. The User Submissions feature lets you set criteria for both malicious and safe email and identify mailboxes besides your spam folder to keep these messages in. This feature gives your administrators greater control over which emails to flag and which to report to Microsoft.
7. Enhanced Filtering
If your company uses third-party services to route emails before they are sent to Microsoft 365, you will benefit from Enhanced Filtering for Connectors. Microsoft 365 uses inbound connectors to determine the trustworthiness of email sources. The more complex your routing scenario is, the more likely that an email’s inbound connectors will not reflect its real source.
Enhanced Filtering preserves authentication signals that may have been lost over the course of routing emails. This maximizes the effectiveness of Microsoft 365’s overall filtering capabilities, helping it detect spam and phishing emails.
If you need an email service that promotes efficiency while protecting your business, we can implement and manage Microsoft 365 for you. Just call us today to get started.