Office 365 Phishing Protection

Microsoft Office 365 is one of the most popular packages of software solutions for businesses, and Outlook is one of the most widely adopted email solutions, yet many businesses find the incorporated Office 365 phishing protection fails to block a high enough percentage of phishing threats.

Microsoft offers basic phishing protection for Office 365 in the form of Exchange Online Protection (EOP), which is a perfectly reasonable spam filter for filtering out unsolicited junk emails. Office 365 also performs reasonably well at malware detection and will block known malware threats delivered via phishing emails. Where EOP fails to provide sufficient protection is blocking more sophisticated phishing attacks – the types that commonly fool employees. That is why many businesses augment Office 365 phishing protection with a third-party anti-phishing solution such as SpamTitan. Before we explain how SpamTitan significantly improves Office 365 phishing protection, it is worthwhile explaining what phishing is.

What is Phishing?

Phishing is a form of social engineering which is defined by the U.S. National Institute of Standards and Technology (NIST) as “an attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.”

Phishing is described by NIST as “a practice where hackers send emails that appear to be from an acquaintance or trustworthy institution. A phishing email (or phish) can tempt users with a variety of scenarios, from the promise of free gift cards to urgent alerts from upper management.”

Phishing can take many forms and is not limited to email. Phishing may also be conducted using other methods of communication such as SMS messages, instant messages, websites, social media networks, or even over the telephone.

Different Types of Phishing Email

The majority of phishing attacks on businesses occur via email. They range from simple attempts to get users to disclose their credentials or other sensitive information to highly sophisticated attacks that can be difficult to identify as malicious.

Simple Phishing

Phishing attacks are diverse but typically include a lure to trick people into taking the bait and providing the attacker with the information being sought. That is often Microsoft Office credentials but could be other types of sensitive information, such as employees’ W-2 forms (tax information). These emails may claim that the recipient has won a competition and needs to provide personal information to collect their prize, or that a delivery has been missed and they need to open an attachment to reschedule, but opening the attachment installs malware.

Targeted Phishing – Spear Phishing

Most phishing emails are sent in large campaigns of thousands or even millions of messages, and enough people take the requested action to make these attacks worthwhile. Alternatively, phishing can be conducted in much smaller campaigns targeting just a few individuals. These attacks, termed spear phishing, tend to be much more sophisticated. The emails are often addressed to people by name and include highly believable lures. A link may be provided to a website, under the guise of a collaboration request on an Office document for instance, which the victim needs to access via the Internet. They are required to log in to Office 365 to view the document, thus disclosing their Office 365 credentials. These emails may appear to have been sent by a trusted individual and may even have been sent from that individual’s actual Office 365 email account, which has been compromised in a previous phishing or credential stuffing attack.

Big Game Hunting – Whaling Attacks

Whaling attacks are a type of spear phishing attack that targets the big game in an organization – C-suite members such as the CEO or CFO. These phishing attacks are laser-focused, well-written, and involve considerable research by the scammer. The aim is to obtain the credentials of C-suite members, whose accounts often have the highest levels of privileges. Compromised Office 365 accounts can be used to send phishing emails internally and are used in Business Email Compromise (BEC) attacks.

Office 365 Phishing Protection

Office 365 phishing protection will block the majority of simple phishing attempts on employees, but the volume of phishing emails now being sent – the Anti-Phishing Working Group says more than 90,000 phishing campaigns are conducted each month – and the sophisticated nature of many phishing attempts mean basic defenses are not sufficient. Phishing emails may contain novel malware variants, which signature-based antivirus technology in Microsoft’s Office 365 phishing protection fails to identify and block. This is why Microsoft offers a premium service that improves Office 365 phishing protection further; however, independent tests have shown even this advanced solution – Advanced Threat Protection (ATP) – only provides a mid-market level of protection against phishing at best. To block the full range of email phishing attempts, businesses should implement SpamTitan Plus+ for Office 365.

Introducing SpamTitan Plus

SpamTitan Plus+ provides leading-edge protection against all types of email phishing and works seamlessly with Office 365. Standard Office 365 phishing protection measures are not replaced; they are augmented, with the protections provided by SpamTitan Plus+ layered on top of Office 365 phishing protection.

SpamTitan Plus+ incorporates predictive approaches capable of identifying new phishing attacks that have not previously been seen, using heuristics, Bayesian analysis, and machine learning techniques to block even sophisticated spear phishing and whaling attacks, preventing these threats from being delivered to inboxes.

SpamTitan Plus+ uses dual antivirus engines for blocking known malware threats and incorporates a Bitdefender-powered sandbox that delivers behavior-based analysis to identify zero-day malware threats. Suspicious attachments that pass scans by the dual AV engines are sent to the sandbox for in-depth analysis, which uncovers obfuscated malware and polymorphic threats, and even memory-based malware that writes no files to the hard drive.

SpamTitan Plus+ checks the destination URL in real time, performs page evaluation to identify spoofed websites and login pages, follows redirects, and performs many other dynamic checks. It has the most comprehensive threat intelligence of any anti-phishing solution, with 100% coverage of all current market-leading anti-phishing feeds.

That translates into 1.5x more phishing URL detections, and 1.6x faster phishing detection than any of the current market leaders, blocking 10 million new phishing URLs, on average, every day. Click stream traffic is obtained from more than 600 million endpoints worldwide, several hundred billion local queries, and 100 million cloud queries a day, and it takes just 5 minutes from initial detection to protect all users against a malicious URL.

Time to Take the Phishing Threat Seriously

Phishing is the most common way that threat actors gain a foothold in business networks, and attacks on businesses are soaring. If you want to protect against these threats, you need to take your Office 365 phishing protection seriously and should consider implementing SpamTitan Plus+. We also recommend implementing layered defenses, so in addition to the many layers of protection provided by SpamTitan Plus+, you should provide training to the workforce. The SafeTitan Security Awareness Training and Phishing Simulation solution will ensure your workforce is trained on how to recognize phishing and other security threats.

For more information on SpamTitan Plus+ and SafeTitan Security Awareness Training and Phishing Simulation Platform, give the TitanHQ team a call today to arrange a product demonstration.