How to recognize and stop phishing attacks in Microsoft 365

Cyber-security is top of mind for every organization right now. Companies invested in the Microsoft ecosystem of cloud-based services are particularly on edge after the "Hafnium" zero-day attacks on on-premises Exchange Servers (attributed by Microsoft to a state-sponsored group rather than ordinary criminals), the "PrintNightmare" vulnerability in the Windows Print Spooler service (found and patched across supported Windows versions, not only Windows 10), and the proof-of-concept attack against Azure Cosmos DB that is unsettling even though no customer data is known to have been exposed. In late August 2021, Microsoft pledged a strategic investment in cyber-security of $4 billion per year over the next five years. That $20 billion total is roughly quadruple the company's already sizable annual cyber-security spend. In addition, the company is partnering with colleges and non-profit organizations to expand cyber-security training for current and future workers.

Cyber criminals prey on Microsoft 365 users with social engineering

While vulnerabilities in software often receive the most attention from the media, there is a more sinister type of cyber-security vulnerability that vexes business leaders and IT professionals alike: social engineering. Social engineering is used by cyber criminals to psychologically manipulate individuals into revealing confidential information, which the attacker then uses to reach a larger trove of corporate data for financial gain. The most common social engineering technique, or at least one of the most common, is phishing, where an attacker poses as a trustworthy source to solicit confidential information from an unwitting victim. For companies with Microsoft 365 that rely on Microsoft Outlook email and Microsoft Teams for collaboration, phishing attacks often appear as an urgent message from management asking the recipient to open an attached document or visit a "corporate" website to fill in details required for a big deal to go through.

Amaxra's cyber-security experts have seen and thwarted numerous phishing attempts against our company and our clients. In this blog post, we cover easy ways that any company using the cloud-powered Microsoft 365 productivity suite can stop phishing attacks.

How to recognize a phishing attack using Microsoft 365 apps

Generally speaking, a phishing attack has two components:

  • The bait – Phishing emails contain messages designed to look like a legitimate, and often urgent, request in order to "bait" the victim into revealing sensitive data. Just as an angler wants a realistic-looking plastic worm to catch a fish, cyber criminals craft realistic-looking emails. Criminals research your corporate website and your employees' social media to learn the basics of your operations, then write an email that looks like a request from an external vendor or even an internal corporate executive
  • The hook – Phishing email text is often filled with words like "immediate" and "urgent" designed to pressure the victim into acting before thinking. Amaxra cyber-security experts note that phishing emails which appear to come from a corporate executive often threaten subordinates with negative consequences if hasty action is not taken. The reason this hook works is that nobody wants to tell the boss "no" when an urgent email arrives on a Sunday evening demanding financial information for a board meeting on Monday morning

But even as cyber criminals build increasingly realistic bait, Microsoft 365 apps make it easy to spot them before you get hooked. In both the Microsoft Outlook desktop app and Outlook on the web, hover your mouse pointer over any hyperlink or button in the email without clicking it. The desktop app shows the destination in a tooltip next to the pointer; a browser such as Microsoft Edge shows it in the status bar in the lower-left corner of the window. Either way you see the exact Uniform Resource Locator (URL) behind the link, which may have nothing to do with the text the link displays. Phishing URLs rarely match the site they impersonate exactly; sometimes the difference is a single swapped or missing letter, so read the domain name carefully rather than glancing at it. On a phone, where there is no hover, press and hold a link to preview its destination before tapping it. Note that the opposite test does not hold: a link that really does point to a Microsoft or SharePoint domain is not automatically safe, because attackers also host lures on compromised or throwaway tenants.

For example, say you work in the finance department at Unlimited, LTD. The bait is an official-looking email from your CFO. The hook is that the CFO "needs updated numbers for Q2 FY immediately" and tells you to click the unlimited-ltd.sharepoint.com link and sign in to your company's SharePoint site. You hover your mouse over the link and see that it actually points to "unlimitedltd-sharepont.com": the hyphen has moved, the "i" in SharePoint is missing, and the host is a domain the attacker registered rather than a subdomain of sharepoint.com. Any credentials typed into that sign-in page go straight to the attacker.
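The hover check above can be written down as a procedure: take the text the link shows, take the URL it really points to, and compare the real host against the hosts you expect. The script below is an added example, not code from the original post or from Amaxra; the trusted host list is assumed for the Unlimited, LTD scenario, and a real deployment would substitute its own tenant's SharePoint host and sign-in endpoints. It flags the three things a careful reader looks for: link text that names one host while the link goes to another, punycode labels that can hide look-alike letters, and hosts that are only an edit or two away from a trusted one, which is exactly the "unlimitedltd-sharepont.com" case.

```python
import re
from urllib.parse import urlsplit

# Hosts this finance team legitimately signs in to. Assumed for the example;
# substitute your own tenant's SharePoint host and sign-in endpoints.
TRUSTED_HOSTS = {"unlimited-ltd.sharepoint.com", "login.microsoftonline.com"}

# Link text that looks like a host or URL (so we can compare it to the target).
HOSTLIKE = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance. A host one or two edits away from a trusted host is the
    signature of a typosquat such as "sharepont" for "sharepoint"."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(host: str) -> str:
    # Attackers shuffle dots and hyphens ("unlimitedltd-sharepont.com" for
    # "unlimited-ltd.sharepoint.com"), so compare the bare letters.
    return host.lower().replace(".", "").replace("-", "")


def host_of(url_or_text: str) -> str:
    """Hostname of a URL; bare hosts such as 'example.com' are accepted too."""
    if "://" not in url_or_text:
        url_or_text = "https://" + url_or_text
    return (urlsplit(url_or_text).hostname or "").lower().rstrip(".")


def is_trusted(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def check_link(display_text: str, href: str) -> list[str]:
    """Reasons a link deserves suspicion; an empty list means none were found."""
    reasons = []
    scheme = urlsplit(href).scheme.lower()
    if scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {scheme!r}")
    target = host_of(href)
    if is_trusted(target):
        return reasons
    # 1. The visible text names one host while the real destination is another.
    shown = host_of(display_text) if HOSTLIKE.match(display_text.strip()) else ""
    if shown and shown != target:
        reasons.append(f"link text shows {shown} but the link goes to {target}")
    # 2. Punycode (xn--) labels can hide homoglyph domains built from Cyrillic
    #    or other look-alike letters.
    if any(label.startswith("xn--") for label in target.split(".")):
        reasons.append(f"{target} uses an internationalized (punycode) label")
    # 3. Near miss of a trusted host: the "close but a bit off" case.
    for trusted in sorted(TRUSTED_HOSTS):
        distance = levenshtein(normalize(target), normalize(trusted))
        if 0 < distance <= 2:
            reasons.append(f"{target} is {distance} edit(s) away from {trusted}")
    if not reasons:
        reasons.append(f"{target} is not a trusted host")
    return reasons


if __name__ == "__main__":
    # The CFO lure from the text: link text says SharePoint, href says otherwise.
    for reason in check_link("unlimited-ltd.sharepoint.com",
                             "https://unlimitedltd-sharepont.com/sites/finance/login"):
        print("-", reason)
```

The edit-distance threshold of two is a judgment call: it catches dropped and swapped letters without flagging every unrelated domain, but a determined attacker can register something further away, so the "not a trusted host" fallback still fires for anything outside the allow list.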

Trust no one and never click on anything

Phishing scams can also include attachments such as a Microsoft Excel spreadsheet, a Microsoft Word document, or non-Microsoft file formats such as Adobe PDF. These file formats are ubiquitous in modern workplaces, and that is exactly what makes them useful attack vectors. Office documents, particularly Excel workbooks, can contain "macros": small Visual Basic for Applications programs that automate repetitive keystrokes and mouse clicks from within the document. Cyber criminals use macros to download and install malware on the victim's device the moment the macros are allowed to run. Office blocks macros in files that arrived from the internet and shows a yellow "Enable Content" bar instead; that bar is the attacker's last hurdle, and the phishing email will often coach you to click it. So if an attachment asks you to "enable macros" or "enable content," stop what you're doing and confirm the file with the sender by phone or Teams, not by replying to the email, since a reply goes to whoever actually sent it. IT administrators can remove the choice from users entirely with the Office Group Policy setting "Block macros from running in Office files from the Internet."
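An email gateway or help desk can tell whether an Office attachment actually carries macros before anyone opens it, because modern Office files (.docx, .xlsx, .xlsm and so on) are zip containers and a VBA project is stored inside them as a vbaProject.bin part. The following is an added example, not code from the original post or from Amaxra: it builds two constructed workbook-shaped zips in memory (standing in for real attachments) and reports whether each contains VBA or Excel 4.0 macro sheets, and whether that disagrees with the file's extension. Legacy binary .doc and .xls files store macros differently and are outside this check.

```python
import io
import zipfile

# Plain Office Open XML formats should never carry macros; the "m" variants
# (.docm, .xlsm, .pptm, ...) may, which is why they deserve a phone call.
PLAIN_OOXML = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Report what an Office attachment really contains, whatever it is named."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    result = {"filename": filename, "is_ooxml": False, "has_vba": False,
              "has_xlm": False, "verdict": "not an Office Open XML file"}
    # OOXML documents are zip containers; anything else is out of scope here.
    if not data.startswith(b"PK\x03\x04"):
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return result
    if "[content_types].xml" not in names:
        return result
    result["is_ooxml"] = True
    # VBA is stored as word/, xl/ or ppt/vbaProject.bin inside the container.
    result["has_vba"] = any(n.endswith("vbaproject.bin") for n in names)
    # Excel 4.0 (XLM) macro sheets are an older mechanism that also needs
    # "Enable Content"; in OOXML workbooks they live under xl/macrosheets/.
    result["has_xlm"] = any(n.startswith("xl/macrosheets/") for n in names)
    has_macros = result["has_vba"] or result["has_xlm"]
    if has_macros and ext in PLAIN_OOXML:
        result["verdict"] = "file name and contents disagree: a plain format should not carry macros"
    elif has_macros:
        result["verdict"] = "macro-enabled document: confirm with the sender before enabling content"
    else:
        result["verdict"] = "no macros found"
    return result


def build_sample(parts: dict[str, bytes]) -> bytes:
    """Construct a minimal OOXML-shaped zip for the demo; not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples standing in for real email attachments.
CLEAN_WORKBOOK = build_sample({"[Content_Types].xml": b"<Types/>",
                               "xl/workbook.xml": b"<workbook/>"})
MACRO_WORKBOOK = build_sample({"[Content_Types].xml": b"<Types/>",
                               "xl/workbook.xml": b"<workbook/>",
                               "xl/vbaProject.bin": b"\xd0\xcf\x11\xe0stub"})

if __name__ == "__main__":
    for name, blob in [("Q2_numbers.xlsx", CLEAN_WORKBOOK),
                       ("Q2_numbers.xlsm", MACRO_WORKBOOK),
                       ("Q2_numbers.xlsx", MACRO_WORKBOOK)]:
        print(name, "->", inspect_attachment(name, blob)["verdict"])
```

The check looks only at container structure, not at what the macro does, so "macro-enabled document" is a prompt to verify with the sender, not proof of malice; a workbook that a colleague really did automate will trip it too.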

How to report a phishing scam message to Microsoft

Companies with Microsoft 365 can also take direct advantage of Microsoft's multibillion-dollar investment in cyber-security by using Microsoft's free "Report Message" or "Report Phishing" add-in for Outlook. These add-ins let Outlook users report suspicious messages to Microsoft, which uses the reports to improve the automated filtering behind Exchange Online Protection and Microsoft Defender for Office 365. With the Report Message add-in installed, select the suspicious email in your Inbox, click the Report Message button on the Outlook ribbon, and choose "Phishing"; the Report Phishing add-in offers a single Report Phishing button that does the same thing. Either way the report goes to Microsoft and the message is moved out of your Inbox. Administrators can also configure the user reported settings in the Microsoft Defender portal so that reported messages are copied to an internal mailbox, which gives the IT or security team the chance to find and purge the same message from other users' mailboxes before anyone clicks.

A Microsoft 365 administrator can deploy the add-in to all users from the Microsoft 365 admin center, on the Settings > Add-ins page (newer versions of the admin center show it under Settings > Integrated apps). Alternatively, you can connect with Amaxra for help protecting your organization against phishing and other cyber-security attacks. We are a Gold-level Microsoft Partner with over a decade in business and offer affordable, proactive, tiered cyber-security solutions for small-to-midsized businesses to fit any budget. And Amaxra always configures every Microsoft 365 deployment to not only enable security but also maximize your employees' productivity.
