Microsoft Office 365 is under attack from scammers. This puts your business at major risk if you aren’t protected.
Office 365 Advanced Threat Protection (ATP) promises protection for malicious files, phishing emails and impersonations, spoofing, and URL scanning. However, the bad guys are creative, and they’ve found new ways around the standard protections. Microsoft Office 365 Advanced Threat Protection won’t stop the hackers by itself. Traditional third-party security solutions don’t always detect potential problems either.
Advanced Artificial Intelligence
With advanced artificial intelligence, INKY Phish Fence Anti-Phishing Software can find even the most minute details in email impersonation attempts. It doesn’t just match email addresses and URLs to lists of known threats, but it also scans for patterns. INKY analyzes images and logos for anomalies. With Machine Learning, INKY learns patterns and develops behavior profiles and social graphs. When INKY finds an email from a sender that deviates from the profile, it sends an impersonation warning.
This is more effective than Office 365 security filters and can catch even “Zero Day” attacks. Zero Day phishing attacks are new strategies that haven’t been tagged in Office 365 signature databases because they are new. As such, Business Email Compromise (BEC) attacks can be identified before they become known by traditional email protection systems.
Office 365 works across devices. Anywhere users can access the internet, they can access their Office 365 apps. Businesses are also allowing employees to use personal devices to access company information. While this allows for flexibility and increased productivity on the go, it opens businesses up to greater security challenges. This can also create potential legal consequences that didn’t exist in a closed system.
INKY was designed to work across devices. As a cloud-based phishing solution, INKY provides protection from any location on any connected device. INKY Phish Fence Anti-Phishing Software will flag users with a warning banner that appear in the email message regardless of device.
Office 365 Phishing Attacks
When it comes to fake emails, Microsoft is the most impersonated brand in the U.S. Office 365 advanced threat protection doesn’t catch them all. These legitimate-looking emails that appear to come from Microsoft might alert you to adjust your email limits, that your password has expired, or a malicious email has been found. When you act, it attempts to steal your credentials.
One of the latest twists purports to be from Microsoft. The phishing email alerts you to a voice mail on your business phone that you can listen to by clicking on the link in the email. If you click to listen. You may be launching malicious software or redirected to a site asking you to login in attempt to steal your credentials.
This can be particularly dangerous because it gives hackers access to your email, but also provides access to connected Microsoft apps, such as One Drive or SharePoint. This potentially exposes even more of your company’s private information.
Cyber-criminals have beat Office 365 security in other ways as well. Splitting up a URL in two places in the HTML code gets around Office 365’s Safe Links protocol. This so-called “baseStriker” attack uses the <base> tag in HTML code to hide part of the malicious URL in plain sight. A similar trick, called “ZeroFont,” hides part of a URL by assigning letters and words a font size of zero. The malicious URL is still there but can’t be seen.
Microsoft’s Safe Links failed to identify these attacks and allowed recipients to be redirected to phishing sites. As soon as these attacks were addressed by Office 365, hackers moved on to new phishing schemes.
Office 365 scans emails and links looking for malicious intent. Hackers have gotten around this by providing legitimate links to SharePoint or OneDrive documents which Office 365 failed to view as a threat. The threat wasn't in the email. It was in the linked document. When users clicked on the document, a spoofed login site was then launched to steal credentials.
INKY Provides A Better Solution
You can significantly improve your email security with INKY’s anti-phishing solution.
- INKY Phish Fence® was built for the cloud
- INKY Phish Fence® is custom-built to work seamlessly with Office 365 and integrates easily
- INKY Phish Fence® can be deployed as an add-on to an existing Office 365 office or put in place during a conversion
- INKY Phish Fence® integrates with Exchange by working inline
- INKY Phish Fence® is adaptable to any size company and scalable
- INKY Phish Fence® is secure enough to meet even government standards