Combatting Office 365 Phishing

September 19th, 2017
Amol Dalvi
Amol DalviVP, Product

A report from the U.S. Department of Justice indicates that the number of ransomware attacks increased by over 400 percent from 2015 to 2016. The estimated amount lost to this form of cyber attack is estimated to be over $1 billion. An Internet Security Threat Report released by Symantec Corp shows that the probability of a malware attack via email nearly doubled in 2017, and that 43 percent of cyber criminals use email-based phishing as the preferred method of attack.

Office 365 gets targeted

These trends have been noted as the primary reason cyber criminals have begun to design sophisticated attacks to compromise the credentials of Office 365 users. Office 365, Microsoft’s ubiquitous productivity suite, has over one hundred million monthly users, which has prompted the increased level of attacks.

Cyber criminals devise increasingly elaborate and complex website templates and counterfeit emails to steal user’s credentials and initiate attacks from within an organization. In most cases, users receive a message with a link to a well-crafted website. Once they have clicked the link, the fake landing page prompts them to input their credentials. Once the user’s credentials have been received, the attacker has ongoing access to the user’s account.

Method of attack

Usually, attackers monitor incoming and outgoing communications both from within and from outside the organization in a bid to determine communication patterns. This enables them to gain knowledge which can be used to plan future attacks, including ransomware and other advanced threats.

The attacker may send messages from the user’s email address to other individuals within the organization, requesting additional information or credentials. Such a phishing email that originates from an internal email address has a greater chance of success, because individuals inherently trust communications from the correct email address of a co-worker.


What you can do

Due to the increased level of attacks, Microsoft has introduced additional protective features into Office 365 that protect users from malicious phishing emails. The new capabilities help to mitigate the malicious links and attachments found in email messages.

However, these features are only available to organizations who are willing to pay the hefty price tag attached to the Office 365 Enterprise E5 plan. The E5 plan is 75 percent more expensive than the Enterprise E3 plan. As the rate and sophistication of phishing attacks increases, Office 365 administrators need to develop and implement security procedures to protect their users.

The first defense against phishing emails is proper training of staff and personnel to detect suspicious signs in communications, even that which is sent from a legitimate email address. Administrators can also reduce the rate of successful phishing attacks by understanding attack vectors and developing comprehensive strategies that will defend users and the environment from such malicious attacks.

Such strategies must include Office 365’s built-in security services, increasing user awareness and making use of the monitoring services that come with Office 365. They should also augment Office 365’s multifactor authentication with more robust security products. IT managers and administrators should understand that today’s phishing and ransomware attacks are more sophisticated than those of previous years.

Who’s behind the curtain?

These attacks are planned and coordinated by professional hackers who are well-funded and have advanced resources and technology at their disposal. They spend an average of 200 hours planning an attack that contains myriad parameters and execution mechanisms that can foil even the most advanced security systems.

protecting against phishing

Build a strong defense

As such, Office 365 administrators should use every available means to secure the credentials of personnel within their organizations. They need to implement strategies that will detect vulnerable areas and quickly respond to viable threats. Defense in breadth helps to reduce the vulnerabilities in the organization’s protection products by implementing multiple defense systems that operate simultaneously. These systems also reduce the delivery of phishing emails to users.

One underutilized strategy that many IT managers overlook is user awareness training. Since it is virtually impossible to detect and defend against all forms of phishing emails, user awareness is the key to protecting against those phishing emails that make it through the organization’s security firewalls.

Users should be trained on the identification of phishing emails and the importance of reporting such emails to IT administrators. Suspicious links within emails should not be clicked, and anti-malware software must be used to protect their endpoints. IT managers could also use phishing simulators to effectively train users on detection and protection.

Looking ahead

If current trends are an accurate indication, Office 365 phishing attacks will only continue to accelerate. It is your responsibility to protect your organization from this threat and to ensure that no confidential or sensitive employee information is leaked. If the E5 plan is out of reach, consider implementing a few of the steps above to keep your company secure from phishing attacks.