We use cookies to provide the best experience

We use cookies to offer you the best customer experience. With the help of cookies, we can offer you the information you like about our products and services. If you give your consent to the use of cookies, press the "I accept cookies" button. If you want to manage your cookie preferences, click the "Change cookies" button. Your choice of cookies will be stored for 90 days. Learn more about cookies

Please select and confirm the cookie preferences that suit you:

We use cookies on our website to ensure that important operations and certain functionalities work. Without these cookies, the website will not work properly.

We use marketing cookies to deliver personalized advertising to you. Personal ads allow you to take part in many different campaigns. If you do not wish to receive personal advertisements, you can still visit our website, but the advertisements you see may not be relevant to you.

We use analytical cookies because they help collect data about how many customers use the website, what content they browse and other information necessary to improve the functionality of the website. By using statistical cookies that collect anonymous information, we can learn how visitors reach the website and use the website.

Cybersecurity Simplified: Phishing

Author: Time: 10.02.2021

Phishing is a form of fraud in which an attacker masquerades as a reputable person or company in email or other electronic communication channels. A common phishing tactic is to send an email with a forged return address, so that the message appears to have originated from a legitimate source, making it more likely that the recipient will open it. 

Phishing attacks are popular with cybercriminals, because it is easier to trick someone into clicking a malicious link in a seemingly legitimate email than it is to break through a computer’s defenses.

Examples of phishing schemes

An employee receives an email from her company’s CEO, asking her to buy electronic gift cards for a customer recognition event. The request is time sensitive so she quickly purchases these online and sends the gift card numbers to the CEO.  Weeks later she discovers the CEO never made the request.

An employee receives an email with a link to a secure document. They enter their credentials to view the document, but the document fails to load. They move on to other work and forget about the glitch. In reality, they have delivered their username and password to hackers, who can now use it to access their email and other online accounts, including systems and data used by your company.

Microsoft 365 Business Premium helps protect you against phishing attacks

Most cloud email services include some protections against phishing through basic spam filtering. Microsoft 365 Business Premium adds sophisticated technologies that provide an additional level of protection:

Time of click protection against malicious links: cybercriminals sometimes redirect seemingly safe links to unsafe sites using a forwarding service hours or days after a message is delivered. To help ensure continuous protection, each time a link is clicked, it is checked in real-time, and the destination is blocked if it is known to be malicious.

URL detonation: When a user clicks a link that has an unknown reputation, the system checks the destination for patterns of suspicious behavior in a secure “sandbox.”  While this scanning is happening, users see the message ”this link is being scanned.”  If the link is identified as malicious after the scan, the user is warned against opening it.

Anti-spoofing technology uses machine learning and advanced analysis techniques to identify signs than an email sender may not be who they appear to be.  If impersonation is detected the email is blocked or moved to junk mail.

Multi-factor authentication helps keep attackers out of your environment even if a phishing attack results in a compromised password. Advanced multi-factor authentication gives you the ability to configure trusted locations such as an office network and block access from countries where you aren’t conducting business.

Microsoft’s commitment to enhancing security technology

The anti-phishing and anti-malware capabilities included in Microsoft 365 Business Premium are called Office 365 Advanced Threat Protection (ATP).  This is the same technology used to protect many of the world’s largest companies.  
Threats rapidly evolve, so we continue to invest in expanding capabilities to help secure mailboxes from attacks. Microsoft uses artificial intelligence to identify and protect against emerging threats in real-time.  Our machine learning models leverage Microsoft’s wide network of threat intelligence, plus seasoned threat experts who have deep understanding of malware, cyberattacks, and attacker motivation, to combat a wide range of attacks.

Office 365 ATP also shares threat signals with other defenses and sensors within Microsoft.  For example, when a malicious file is detected by Microsoft Defender, that threat can also be blocked by Office 365 ATP.  Connecting security data and systems allows Microsoft security technologies to continuously improve threat protection.

Source: Microsoft