Prevent phishing scams using Microsoft 365 Defender

October 29th, 2021

Microsoft is an established provider of top-tier business productivity software — and its commitment to its subscribers’ cybersecurity is integral to that reputation. To combat phishing, one of today’s most prevalent cyberthreats, the software giant has equipped Microsoft 365 Defender with powerful features. Here are some of them.

1. Anti-phishing

The most dangerous types of phishing scams involve emails that are disguised to appear as if they come from a trusted entity. An attacker may use cunning tactics, such as referring to the victims by their nicknames. They may even take over actual email accounts and use these to trick their victims.

Through machine learning, Defender creates a list of contacts that users normally communicate with. It then employs an array of tools, including standard anti-malware solutions, to differentiate acceptable from suspicious behaviors.

2. Anti-spam

Since common phishing campaigns utilize spam emails to victimize people, blocking spam is a great way to protect your company from such attacks.

Defender’s anti-spam technology addresses the issue by examining both an email’s source and its contents. If an email is found to come from an untrustworthy source or has suspicious contents, it is automatically sent to the Spam folder. What’s more, this feature regularly checks the activity of people in your company to ensure that none of them sends out spam emails.

3. Anti-malware

Malware, such as ransomware and spyware, can spread via phishing emails. Ransomware locks systems and files from users until a ransom is paid. Spyware, on the other hand, steals data by recording keystrokes, copying clipboards, and taking screenshots, among other methods.

Defender employs a multilayered defense against both known and unknown types of malware. This covers the different stages of email transmission security, including filtering potentially harmful attachments, and real-time threat response. Microsoft also regularly deploys new definition updates to keep its defenses armed against the latest threats.

4. Sandbox

It’s not uncommon for some users to accidentally open a malicious email attachment, especially if they’re not careful.

Defender resolves this issue by opening all attachments in a sandbox first. This sandbox is an isolated environment, so if the attachment is malicious, it will only infect the sandbox and not your actual system. Microsoft will then warn you not to open the file. If it’s safe, you will be able to open it normally.

5. Safe Links

Instead of attachments, some phishing emails contain URLs that lead to fraudulent websites — often made to look like legitimate ones — that require victims to provide their personal information. Some of these URLs also lead to pages that download malware into a computer.

Through a process called URL detonation, Safe Links protects users by scanning the links in their emails and checking for malicious behavior, such as the transmission of malware. If the link opens a malicious website, Microsoft Defender will warn users not to visit it. Otherwise, users can open the destination URL normally. Even so, the service will rescan the link in the succeeding days and report any suspicious changes.

What’s great about Safe Links is that it also scans links in emails from people within your company and works on files uploaded to Microsoft Teams and SharePoint.

6. User Submissions

Defender allows you to designate a specific mailbox to which emails you deem a threat are sent. The User Submissions feature lets you set criteria for both malicious and safe email and identify mailboxes besides your spam folder to keep these messages in. This feature gives your administrators greater control over which emails to flag and which to report to Microsoft.

7. Enhanced Filtering

If your company uses third-party services to route emails to your on-premises environment before they are sent to Microsoft 365, you will benefit from Enhanced Filtering for Connectors. Defender uses inbound connectors to determine the trustworthiness of email sources. The more complex your routing scenario is, the more likely that an email’s inbound connectors will not reflect its real source.

Enhanced Filtering preserves authentication signals that may have been lost over the course of routing emails. This maximizes the effectiveness of Microsoft 365’s overall filtering capabilities, helping it detect spam and phishing emails.
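
The routing problem described above can be seen in a message's Received headers. The following is an added example, not code from Microsoft or from the original article: a simplified model that skips relay hops the organization trusts and recovers the first external sending IP. The sample message, the relay list and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a message relayed through a third-party filter
# (203.0.113.0/24) and an on-premises gateway (198.51.100.10) before delivery.
SAMPLE = """\
Received: from onprem-gw.example.com (onprem-gw.example.com [198.51.100.10])
\tby inbound.example.net; Fri, 29 Oct 2021 10:00:03 +0000
Received: from filter.example.org (filter.example.org [203.0.113.25])
\tby onprem-gw.example.com; Fri, 29 Oct 2021 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [192.0.2.77])
\tby filter.example.org; Fri, 29 Oct 2021 10:00:01 +0000
From: alice@sender.example
Subject: constructed test message

body
"""

# Hypothetical skip list: relays the organization operates or contracts.
TRUSTED_RELAYS = ["198.51.100.10/32", "203.0.113.0/24"]

_IP_IN_BRACKETS = re.compile(r"\[([0-9a-fA-F:.]+)\]")

def hop_ips(raw_message):
    """Return the connecting IP of each Received header, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        match = _IP_IN_BRACKETS.search(header)
        if match:
            try:
                ips.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                continue  # bracketed text that is not an IP literal
    return ips

def true_source(raw_message, trusted=TRUSTED_RELAYS):
    """Skip trusted relay hops and return the first external sender IP."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for ip in hop_ips(raw_message):
        if not any(ip in net for net in nets):
            return ip
    return None  # every hop was a trusted relay; no external source visible
```

With an empty skip list the function returns the on-premises gateway's address, which is the misleading "source" a filter sees when it only looks at the last hop.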

If you need an email service that promotes efficiency while protecting your business, we can deploy and manage Microsoft 365 for you. Call us today to get started.

Published with permission from TechAdvisory.org.