Microsoft 365 Phishing Prevention With Trustifi: A Collaborative Approach to Email Security

Microsoft has worked hard to strengthen its protection against advanced email phishing attacks.

Organizations invested in Microsoft 365 (M365) look to cloud-based platforms like Trustifi powered by artificial intelligence (AI) and machine learning (ML) to augment and complement existing email security services.

Rise of Advanced Phishing Attacks Targeting Microsoft 365 Users

Microsoft services have become targets because of the widespread use of Microsoft accounts by companies worldwide. Millions of companies, including over 731,000 in the USA, rely on Microsoft solutions for team collaboration and communication.

Attackers use various M365 phishing techniques that are sophisticated, innovative, and relentless. These cyber-attacks have become more targeted, with hackers sending smaller volumes of unwanted emails. It is uncommon for a single attack nowadays to target hundreds or thousands of recipients.

Phishing scams use social engineering and deception to make users believe the emails they receive, and the attachments or links inside them, are safe. Attackers send legitimate-looking emails with dangerous attachments or links that can steal information if clicked on.

There has been a rise in phishing scams targeting M365 users to steal their credentials. These scams heavily focus on Microsoft services because Microsoft accounts are highly valued.

What are the Most Common Microsoft 365 Phishing Attacks?

Microsoft 365 (M365) is a consolidated application platform that combines email, file storage, collaboration tools, and productivity assets. It has become a popular target for phishing attacks, with Microsoft being the second most impersonated brand in 2021. Because of the sensitive data and files it contains, protecting against M365 phishing and ransomware attacks has become a priority for Microsoft and email security providers like Trustifi.

M365 users are primarily students, corporations, government agencies, and small-to-medium businesses. These users are subject to email phishing attacks, many of which are generated by adversarial AI tools, including WormGPT and FraudGPT.

Organizations, including private and public corporations, continue to see an uptick in business email compromise and impersonation attacks against their Microsoft 365 accounts.

  • Business Email Compromise: Impersonation scams, such as phishing, business email compromise (BEC), and email account compromise (EAC), are common among Microsoft 365 users. In these attacks, cybercriminals impersonate known and trusted senders, such as executives, colleagues, or reputable organizations, to deceive users into sharing account credentials or downloading malware onto their systems.
  • Shared File Attack: Phishers use a free Office 365 account to access SharePoint and upload malware and credential-stealing tools into unprotected shares. The hacker then sends a phishing email disguised as a notification of a shared file.
  • The Back Door Attack: Hackers continue to leverage the Microsoft Azure cloud to host their phishing sites. This scheme has successfully bypassed security layers. Hackers use these sites to generate malicious links for email spoofing, email fraud, and zero-day attacks, leveraging SharePoint to trick users into thinking they are receiving a request to collaborate.
  • Voicemail Attack: Hackers will send a voicemail notification with a malicious link to the M365 account. This link will trick the user into thinking they are retrieving a voicemail. However, it will redirect the user to a phishing site to steal their credentials.
  • Spear Phishing: Spear phishing emails continue to target specific individuals or departments within an organization. These attack methods use extensive social engineering to identify potential victims.
  • Whaling Phishing: Similar to spear phishing attacks, whaling specifically targets CEOs using M365 email and applications. This attack method leverages social engineering, content cloning, and impersonation attacks.
  • Clone Phishing: Clone phishing within M365 continues to be a very complex attack method to prevent. Hackers reuse content from previous emails or documents. These well-crafted emails mix new phishing text with the actual content of earlier communications. This mixture of content has successfully bypassed many inbound filtering solutions.

How do Malicious Threats like Phishing Attacks Try to Trick Users?

Hackers and scammers love email phishing attacks because they continue to succeed at stealing money, identities, and data from M365 user accounts. Many phishing attacks focus on tricking users into disclosing their banking information, personal details such as social security numbers and driver’s license numbers, and specific information about other family members.

Adversarial AI tools, including WormGPT and FraudGPT, have increased the effectiveness of these attacks by giving these messages near-perfect spelling and grammar. Previously, phishing messages often contained clues, including misspelled words and poor grammar.

Here are a couple of ways hackers will trick M365 users:

1. CEO impersonation: Using domain lookalikes, hackers will impersonate high-level executives. When hackers spoof trusted organizations like an important business partner or customer, Microsoft 365 corporate users will consider the message authentic and execute the embedded requests.

2. Hacker’s M365 Account: Hackers will spend a few dollars and sign up for a Microsoft 365 account. They will use this account to test the various vulnerabilities within the entire Office suite, looking for ways to exploit the user with a well-crafted email.

3. Rogue Tech Support: Hackers leveraging their M365 email address pose as tech support personnel to exploit users. Posing as a tech support person, hackers will send malicious links to users recommending that they update software, purchase additional licenses, or activate new features. Users seeing an email from a microsoft.com domain will probably trust the message’s source and execute the various commands within the email phishing message.

4. Subscription Phishing: M365’s home users are targeted by cybercriminals. Users receive phishing emails asking them to upgrade or renew their subscriptions. The link in the email leads to a legitimate-looking website that includes “365” or “Microsoft” in the domain name and has current Microsoft branding. If the victim enters their payment card details and M365 account credentials, they risk malware threats and financial theft.
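The lookalike-domain and brand-in-the-domain tricks described in items 1 and 4 can be checked mechanically on a sender address or link. The following Python sketch is an added example, not Trustifi's or Microsoft's code; the trusted-domain list, brand tokens, similarity threshold, and sample inputs are all constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed values for illustration; none of these come from the article.
TRUSTED = ("microsoft.com", "office.com", "contoso.com")  # contoso.com = your own org
BRAND_TOKENS = ("microsoft", "365", "office")
THRESHOLD = 0.85  # similarity at or above this is treated as a lookalike

def host_of(value):
    """Return the lowercase host from a URL or an email address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower()

def fold(domain):
    """Undo common character swaps used in lookalike domains."""
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        domain = domain.replace(fake, real)
    return domain

def classify(value):
    """Classify a sender or link as trusted, lookalike, brand-token or unknown."""
    host = host_of(value)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return ("trusted", host)
    # Simplification: treat the last two labels as the registrable domain.
    base = ".".join(host.split(".")[-2:])
    for t in TRUSTED:
        if SequenceMatcher(None, fold(base), t).ratio() >= THRESHOLD:
            return ("lookalike", t)
    # Brand name inside a domain that is not on the trusted list.
    if any(tok in host for tok in BRAND_TOKENS):
        return ("brand-token", host)
    return ("unknown", host)

# Constructed sample inputs (not real indicators).
SAMPLES = [
    "ceo@contoso.com",
    "ceo@c0ntoso.com",
    "support@rnicrosoft.com",
    "https://microsoft365-renewal.example/billing",
    "https://login.microsoft.com/",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:46} -> {classify(s)}")
```

A domain check like this does not help with phishing pages hosted on genuine Microsoft cloud services, such as the Azure and SharePoint cases listed earlier.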

What Advanced Email Threat Protection and Enhanced Security Features Are Inside M365?

Microsoft continues to invest in advanced features to help protect their M365 users from fake emails, spam emails, and phishing. Users have access to M365 basic, standard, and premium. The premium license includes:

  • Azure Information Protection (AIP) and Data Loss Prevention (DLP) policies to safeguard sensitive data. AIP employs encryption, access controls, and rights management to classify, label, and protect sensitive data in the cloud. DLP is a policy-based method that prevents unauthorized or intentional leakage of sensitive data. Combining AIP, DLP, and Defender for Cloud Apps can detect breach attempts on secured data.
    • Anti-phishing
    • Anti-spam
    • Anti-malware
    • Email Encryption
  • Safe Links: Safe Links increases the ability to prevent harmful links from being accessed. It is still essential to assess the credibility of a message before clicking on any suspicious links in emails or from unfamiliar senders.
  • Safe Attachment: Emails and files are already scanned for malware, but Safe Attachment is an extra layer of protection. All attachments get checked in a virtual environment before being delivered. If you open an email with attachments immediately, you may see a notice saying the attachment is being scanned for safety. You can open the attachments once the scan is done and the attachments are deemed safe.
  • Multi-factor Authentication (MFA) is integrated into Microsoft 365 to increase the security of user accounts. This helps reduce the risk of unauthorized access, particularly in cases of stolen passwords.
  • SAML: Microsoft 365 has implemented support for Security Assertion Markup Language (SAML), a standardized protocol for exchanging authentication and authorization data between distinct entities. This enables effortless integration with third-party applications, providing users with convenient access while ensuring the same level of security as their Microsoft 365 accounts.
  • Self-Service Password Reset, or SSPR, is a feature introduced in Microsoft 365. This feature allows users to reset their passwords independently, with no help from IT. By utilizing methods such as email, text messages, or phone calls, users can easily and securely verify their identity and regain access to their accounts.

What Additional Precautions Should Users Take When They Receive a Suspicious Email?

Corporate, home, and student M365 accounts face many of the same email security attacks. Phishing, spam, impersonation, and credential theft affect every M365 user. Impersonation attacks are very troubling because hackers use this method to great success in manipulating users through financial fraud, romantic scams, or pretending to be a long-lost relative.

M365 users need to take the time to read every word in each email. If anything seems too good to be true, this is an email phishing attempt.

How Important is User Training to Build User Awareness?

Developing a continuous training process, including updated information about recent cyberattacks and potential threats, goes a long way in recruiting M365 users to be vigilant. Educating users on marking messages as spam or phishing, using email encryption correctly, and avoiding sending sensitive information through email helps reduce compliance risk, fines or financial losses from lawsuits, and unrecoverable damage to the organization’s brand.

What Are Some Real-World Examples of Microsoft 365 Phishing Attacks?

While there is no shortage of real-world examples of M365 phishing attacks, none stands out more than the email attack against Microsoft’s senior executives.

“The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor known as Nobelium. We are sharing this update as part of our ongoing commitment to responsible transparency, as recently affirmed in our Secure Future Initiative (SFI).”

Starting in late November 2023, an attacker gained access to a few Microsoft corporate email accounts, including senior leaders and employees in cybersecurity, legal, and other departments. They stole some emails and documents, primarily focusing on information related to Midnight Blizzard. Microsoft is currently notifying affected employees.

While this isn’t the first email security attack Microsoft has faced, it showed the need to consider deploying email security in layers rather than just a single protection strategy.

How Will Adding Trustifi Email Security for Microsoft 365 Help Stop Phishing?

Organizations wanting to increase the level of protection of their M365 users integrate with strong integrated cloud email security (ICES) providers like Trustifi. Trustifi’s advanced AI email security platform, built as a cloud-based email security platform from day one, integrates with M365 email services and security layers. Organizations wanting to add further layers can enable Trustifi’s advanced inbound filtering capability as a valuable complement to Microsoft security. Trustifi’s additional features, including data loss prevention, threat intelligence, email encryption, data tokenization, and email archive services, come fully integrated into its single management console.

Using an email security solution from Trustifi that includes AI-driven threat prevention is an effective method of protecting against advanced M365 phishing attacks. However, no singular solution guarantees complete protection against phishing. To enhance your security measures, we suggest implementing our multi-layered defense strategy with your M365 instance.

Email phishing attacks will continue to penetrate Microsoft’s email security layers. Organizations that invest in a proactive, collaborative approach by adding a layer of security will protect their M365 users, their data, and their brand.

Get Started With Trustifi Today – Easy, Affordable, and Comprehensive Security for your M365 Emails.

Whether you are looking for an extra layer of protection in your existing M365 environment or a full-suite solution, the expertise and simplicity Trustifi offers will exceed your expectations. Let’s discuss pricing and a customized email security plan for you.
