Using Office 365 Email? Why You Need Third Party Hosted Phishing Protection

Despite the millions spent on office 365 hack protection, the company misses each new wave of phishing attacks and malicious files. The question is, how can you prevent these phishing emails from causing you any harm?  Well, there are multiple ways, for instance, Microsoft itself provides a tool known as Advanced Threat Protection (ATP) or hosted phishing protection for office 365 users.

In order to prevent phishing office 365, we must first understand how exactly and how often it is done.


Office 365 phishing email examples

A new phishing campaign was discovered that sends you a fake “Microsoft found several undelivered messages” email, with a “Send Again” link. The link takes you to a page that asks for your email id and password. Upon receiving your information, it forwards it to the scammers while redirecting you to the legitimate office login URL as if nothing happened before.

Another phishing victim was the president of IMP Solutions who had his Office 365 password compromised. The hacker then implemented a forwarding rule that all the emails will be forwarded to his Gmail account from where he could keep track of all the contract negotiations and fund transfer. The hacker hit the jackpot of one million dollar investment and he was able to create a convincing reply regarding the last minute change in banking details. Fortunately, they realized that something was odd and called the bank to cancel the transfer.


How to Prevent Phishing in Office 365?

Microsoft has developed and is still working in tools that help organizations by lowering the Office 365 bypass hack. They have even set up a Security and Compliance Center where you can test your O365 security and can even get suggestions on how to make it more secure. However, there are some features only available for larger installations but are extremely effective. For example, “Multi-Factor Authentication” or enforcement of strong passwords.

What is Advanced Threat Protection?

ATP is an advanced security solution, designed to protect you from sophisticated phishing or malware attack. ATP solutions can vary in components or approaches but their basic infrastructure involves combinations of endpoint agents, network devices, malware protection systems and a centralized management system to alert or manage defenses of the system.


Office 365 ATP Anti-Phishing

With new phishing attacks emerging every now and then, it becomes complicated even for a trained eye to identify such emails. Luckily, Office 365 Advanced Threat Protection has your back. It allows you to configure your own ATP anti-phishing policies to ensure that you are protected against such attacks.

Now the question of worry is can ATP be penetrated somehow? Or can scammers bypass it? The answer to that question is “yes”. Our security systems are getting smarter but so are the scammers. Recently new kinds of scams have come up to the surface that can bypass ATP solutions.


Can Phishing Attackers Bypass ATP?

One of the reasons that the hackers can bypass ATP protection is because every hacker has its own Office 365 account to figure out ways in which it can be exploited. Microsoft’s default security settings come along with every $35/month account. The hackers have all the time in the world to find a way to bypass it.
For example, most attackers are aware of that ATP doesn’t inspect outbound or internal email, which is why many of these attackers use compromised accounts.
Office 365 Phishing – Are You at Risk? According to a report, Over 10% of Office 365 users were affected in two weeks by a phishing attack named PhishPoint. A similar technique was previously used by scammers to bypass O365 security known as Advanced Threat Protection (ATP), implemented in almost all of the popular email services for protection against phishing.


Why You Need A Third Party Protection?

We are not saying that Microsoft’s security standard is low but the popularity of the platform attracts so many hackers that it’s impossible to detect their creative ways of scamming. Your most sensitive data is stored on the Cloud which is not hard to hack. There are many vulnerabilities in Office 365 which make it easier to be cracked. When you get phishing protection it provides you multiple and highly extensive defenses.  It comes with 6 different protection services including Zero-day exploit protection, domain name spoofing protection, and smart quarantine. Such technologies have advanced threat defense that secures your employees’ data.


Protect Office 365 today

All in all, you cannot rely on the Office 365 phishing protection to protect your data neither can you avoid using Office 365 as it has become one of the basic necessity of any growing organization. The data you upload on the Cloud is far more valuable than any cost you spend to protect it. Use proper tools to prevent or limit the damage.

Kinza Zaheer

Writer at Thetic Blog.

Leave a Reply