Protect Against Phishing Attacks
Written by Cisilion’s Chief Strategy Officer, Rob Quickenden
Microsoft sent out warnings last week about a rise in phishing attacks and scaremongering related to the coronavirus outbreak with many cybercriminals playing on people’s fear in order to steal personal data.
Criminal groups have various ways to attack vulnerable people, including malware, but Microsoft has emphasised that ‘91% of all cyberattacks start with email‘ and almost all are aimed at tricking their targets into handing over their credentials.
Microsoft’s Security Services
Microsoft has a robust set of security and protection services designed to detect and block malicious emails, links and attachments with Outlook.com, Office 365, Office 365 ATP, Microsoft Exchange, and Microsoft Defender all working in together to protect. These services leverage advanced machine learning, heuristics, and anomaly analysers to detect malicious behaviours in emails to try to prevent these landing in user mailboxes and to protect them should they get through and get clicked.
Unfortunately, technology alone will never be 100% foolproof, therefore it’s important for users and for IT to ensure the latest security updates are deployed, services are enabled (a staggering number of organisations have services like Office Advanced Threat Protection for example but don’t use it) and use advanced anti-malware and Endpoint Protection service, such as Microsoft Defender.
MFA is Critical to Identity Protection
If you don’t use multi–factor authentication (MFA) on all of your personal and business Office 365 (and other mail products like Gmail etc.), I’d strongly suggest you enable it and use Microsoft’s Authenticator to protect you.
Combined with Password Self Reset and Risk-Based Conditional access MFA can detect and prevent over 99% of phishing attacks by preventing user identities since logins are protected by an additional login authentication step – just like you need to access your online banking.
Education is still key
It’s still important for users to be vigilant and to educate themselves around what to look for.
Bad spelling and grammar, suspicious links, attachments and emails that look to good to be true, should always raise your suspicions… Even with the extensive protection, if you are suspicious about an email, never click on links or open any attachments, especially those with weird file extensions such as pdf.exe” or “txt.hta”
Cybercriminals – especially now – use urgency and scare as an attack vector. Microsoft warns users about the current trends which should always trigger an alarm:
These types of emails cause a sense of panic or pressure to get you to respond quickly. For example, it may include a statement like ‘You must respond by the end of the day’. Or saying that you might face financial penalties if you don’t respond.
spoofing emails appear to be connected to legitimate websites or from your boss, or medical insurer, but take you to phoney, often legitimate, scam sites or display legitimate-looking pop-up windows. Always check the website and the Url.
Altered web addresses
A form of spoofing where web addresses that closely resemble the names of well-known companies, but are slightly altered; for example, “www.micorsoft.com” or “www.mircosoft.com”.
For example the salutation of your name or more complex words
The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.
What do I do if I get a suspicious link?
If you think you have encountered a suspicious email or website, speak to your IT team. Microsoft also recommends using the built-in tools in Outlook on the Web, on the desktop Outlook app and in the Outlook Mobile app to report suspicious messages.
If you’re using Microsoft Edge, you can also report suspicious sites by clicking the More (…) icon > Send feedback > Report Unsafe site.
Final word – Your Next Steps
While bad actors are attempting to capitalise on the COVID–19 crisis, they are using the same tactics they always do. You should be especially vigilant now to take steps to protect yourself and you can learn more about Microsoft’s recommendations on their Security blog, or by speaking to our experts by filling in the form below.