Microsoft 365 identifies and blocks phishing emails – so you don’t have to
“Whatever your business, however big or small it is, you will suffer phishing attacks at some point.” – this statement from the UK’s National Cyber Security Centre (NCSC) is a clear warning that no organisation is safe from cyber-attacks, regardless of its industry or size.
More importantly, there are alarming statistics that prove email is the most popular threat avenue. The Cybercrime Information Organisation (CSO) states that 94% of malware is surfaced via email, and more than 80% of reported security incidents are due to phishing attacks.
So, what is phishing? Put simply, phishing is a cybercrime tactic where threat actors steal from victims by masquerading as true and legitimate sources. Most commonly, the aim is to trick the recipient into divulging personal data – such as bank details or password information – or clicking on a malicious link to download malware.
Whatever cyber criminals are trying to achieve, often they are successful; it is estimated that approximately £13,500 ($17,700) is lost every minute by businesses and individuals that fall victim to phishing attacks. As well as the financial loss, organisations usually face irreparable damage to their reputation, losing valuable customers and repeat business.
Worryingly, the NCSC also warns that “phishing emails are getting harder to spot”. Cybercriminals are becoming more sophisticated and using more cultivated methods.
Many of the early-day phishing attempts were laughable (or at least it would have been easy to laugh, had the cybercriminals’ desired outcomes not been so potentially damaging) – and easy to identify, with appalling spelling and grammar littering the content.
But today’s phishing emails are more refined, including fake links that are much harder to recognise; there might be tiny tweaks to the web address of a legitimate organisation, such as swapping one letter for another that looks the same at a quick glance. Fraudulent websites are imitating genuine sites more and more successfully, with design and content copied almost exactly. After all, cybercriminals are not going to feel bound by the laws of copyright or plagiarism!
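The near-identical web addresses described above can be flagged mechanically rather than left to the reader's eye. The following Python example is added here for illustration; it is not part of the original article and does not represent how Microsoft 365 works internally. The allow-list, the small confusables table and all function names are assumptions.

```python
import unicodedata

# Constructed allow-list: domains the organisation genuinely expects in mail.
TRUSTED = ("microsoft.com", "ncsc.gov.uk")

# Small illustrative confusables table, not the full Unicode confusables data.
CONFUSABLE = {"0": "o", "1": "l", "\u0430": "a", "\u0435": "e",
              "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0456": "i"}
MULTI = (("rn", "m"), ("vv", "w"))


def skeleton(name):
    """Fold visually similar characters onto one representative."""
    name = unicodedata.normalize("NFKC", name).lower()
    name = "".join(CONFUSABLE.get(ch, ch) for ch in name)
    for seq, repl in MULTI:
        name = name.replace(seq, repl)
    return name


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link's host."""
    host = host.strip().rstrip(".").lower()
    try:
        host = host.encode("ascii").decode("idna")  # expand xn-- punycode labels
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return "trusted"
    for dom in trusted:
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-dom.count(".") - 1:])
        if skeleton(tail) == skeleton(dom) or edit_distance(tail, dom) == 1:
            return "lookalike:" + dom
    return "unknown"
```

A one-character edit-distance threshold will also match unrelated short domains, so a hit is a reason to quarantine or warn, not proof of fraud.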
It’s still essential to ensure that your workforce remains ultra-vigilant and aware, as well as implementing an ongoing training programme for employees. That said, technology from the ‘good guys’ like Microsoft is designed to help you keep attackers out.
Microsoft recognises the potential dangers, highlighting that, “with the growing complexity of attacks, it’s even difficult for trained users to identify sophisticated phishing messages.”
Microsoft 365 incorporates comprehensive anti-phishing protection, with features such as Exchange Online Protection (EOP) and Office 365 Advanced Threat Protection (Office 365 ATP). The computer giant is also one further step ahead with its anti-phishing security. Acknowledging that at times genuine emails can be caught in the net, Microsoft is set to offer functionality that allows users to release legitimate emails that have been incorrectly identified as phishing content.