Phishing attacks are as old as email. Remember getting emails saying that a sultan from a country you never heard of wanted to transfer $10 million to you if you would only provide your bank account number? The old attacks were almost comical with spelling errors and ridiculous scenarios. But today’s phishing attacks have gotten a lot more sophisticated, a lot more realistic, and a lot more prevalent. 

In fact, research from the Anti-Phishing Working Group found that the total number of phishing sites increased 46 percent from Q4 2017 to Q1 2018. Many are using SSL certificates to give their sites credibility and their targets a false sense of security.

Microsoft Office 365 attacks in particular are on the rise. Emails impersonating Microsoft support instruct the user to confirm their Office 365 account, or they warn the user that their email address will be suspended if they don’t resolve errors. Although many include grammatical errors, misspelled words, and email addresses that are obviously fake, users continue to download malware-ridden files or click links to malicious sites.

Although most users would claim to be able to spot a suspicious email a mile away, humans still represent the weakest security link and need to be educated about what phishing attacks look like and how they work. In addition to user training, it’s important to implement anti-phishing tools that can prevent successful attacks.

Office 365 includes some anti-phishing capabilities and the ability to block malicious URLs. Problem is, hackers have caught on and created new types of attacks that are capable of getting around these defenses.For example:

  • The ZeroFont technique makes an email appear legitimate by inserting hidden words with a zero font size into the email. This allows hackers to hide text-based indicators by making them appear like unstructured garbage text.
  • PhishPoint attacks go beyond email, using SharePoint files to host phishing links and steal user credentials. The recipient gets an email that appears to be a SharePoint request, clicks the link to a malicious site, and opens the file. At this point, the user is taken to a fake Office 365 login page and directed to enter credentials to access the SharePoint document, which enables the hacker to harvest those credentials.
  • The BaseStriker attack uses a <base> tag to split malicious links in a way that prevents detection by Safe Links. When the link is clicked, it redirects users to a phishing site.

ICG’s cloud-based email service leverages Mimecast email security, and we recommend Mimecast for organizations using Office 365, Microsoft Exchange, G-Suite and hybrid solutions. Mimecast Secure Email Gateway uses DNS authentication services to prevent address spoofing and protect against impersonation attacks. Multiple detection engines keep spam, phishing emails, and malicious attachments and URLs out of your users’ inboxes. Mimecast also detects threats that originate from within your email system, and uses threat intelligence and innovative techniques to identify zero-day threats and sophisticated attacks. 

With Office 365 phishing attacks on the rise, it’s important to take steps to reduce risk. Contact ICG to learn how Mimecast email security combined with employee training will ensure that your defenses are as strong as they possibly can be.