
Phishing attacks are a serious threat to both businesses and individuals. According to the article, phishing attacks cost businesses an average of $1.6 million per year.
Implementing anti-phishing solutions is crucial to prevent these attacks. This can be done by educating employees on how to identify and report phishing emails.
Two-factor authentication is a simple yet effective way to protect against phishing. By requiring a second form of verification, such as a code sent to a phone, it becomes much harder for attackers to gain access to sensitive information.
Regular software updates and security patches can also help prevent phishing attacks by fixing vulnerabilities that attackers could exploit.
Consider reading: How to Avoid Phishing Scams
Protecting Your Organization
More than 90% of successful hacking attacks begin with a phishing email, so it's essential to take proactive steps to protect your organization.
You can't rely solely on user training to spot phishing attempts, as most phishing attacks exploit user behavior. Organizations need to offer employees more than just phishing tips to avoid a security breach.
Consider reading: What Is the Prominent Attack Vector for Phishing Attacks
Anti-phishing software is a critical piece of technology for organizations everywhere, and it's become a must-have in today's digital landscape.
Here are some key settings to consider when implementing anti-phishing solutions:
If you select the "Quarantine the message" action, you can also choose the quarantine policy that applies to messages quarantined by mailbox intelligence protection. Quarantine policies define what users can do to quarantined messages and whether users receive quarantine notifications.
A good spam filter that quarantines suspicious messages is a must-have, and a machine filter will spot things the human eye easily overlooks.
Related reading: Anti Phishing Filter
Mimecast Services and Benefits
Mimecast provides a comprehensive all-in-one subscription service for managing business email, including anti-phishing software.
Mimecast's cloud-based platform offers a range of solutions for email security, archiving, continuity, compliance, e-Discovery, and backup and recovery.
Mimecast anti-phishing services can be implemented and rolled out throughout an organization immediately.
Mimecast's anti-phishing technology provides a comprehensive and automated backup for when users fail to recognize a phishing email or adhere to security policy.
Readers also liked: Microsoft Security Phishing Email
Mimecast's anti-phishing solutions offer protection on and off the network with no disruption to users or to productivity.
Here are the key features of Mimecast's anti-phishing services:
- Mimecast Secure Email Gateway, which provides powerful anti-virus and anti-spam protection in addition to the latest threat intelligence developed by the Mimecast Security Operations Center.
- Mimecast Targeted Threat Protection – URL Protect, a solution that checks URLs in every email on every click and blocks user access to malicious or suspicious URLs.
- Mimecast Targeted Threat Protection – Attachment Protect, a service that performs deep inspection analytics on attached files, sandboxing suspicious documents or converting them to a safe format.
- Mimecast Targeted Threat Protection – Impersonation Protect, a solution that provides instant and comprehensive protection against emails impersonating trusted senders.
Mimecast Services
Mimecast provides anti-phishing software as part of an all-in-one, subscription service for managing business email. This service includes a broad range of solutions for email security, archiving, continuity, compliance, e-Discovery, and backup and recovery.
Mimecast's cloud-based platform requires no hardware or software to be purchased, and companies can avoid capital investment in favor of a predictable monthly subscription cost. This makes it an attractive option for businesses looking to protect themselves from phishing attacks without breaking the bank.
Mimecast anti-phishing services include four key solutions:
- Mimecast Secure Email Gateway, which provides powerful anti-virus and anti-spam protection in addition to the latest threat intelligence developed by the Mimecast Security Operations Center.
- Mimecast Targeted Threat Protection – URL Protect, a solution that checks URLs in every email on every click and blocks user access to malicious or suspicious URLs.
- Mimecast Targeted Threat Protection – Attachment Protect, a service that performs deep inspection analytics on attached files, sandboxing suspicious documents or converting them to a safe format.
- Mimecast Targeted Threat Protection – Impersonation Protect, a solution that provides instant and comprehensive protection against emails impersonating trusted senders.
Mimecast anti-phishing technology provides a comprehensive and automated backup for when users fail to recognize a phishing email or adhere to security policy. This means that even if employees accidentally click on a malicious link or open a suspicious attachment, Mimecast's technology has got them covered.
Microsoft Defender for Office 365 Settings
Microsoft Defender for Office 365 provides a robust set of features to combat phishing attacks, including anti-phishing policies. These policies can be customized to fit your organization's needs, with settings such as impersonation protection and phishing email thresholds.
The default anti-phishing policy in Defender for Office 365 provides spoof protection and mailbox intelligence for all recipients. However, the other available impersonation protection features and phishing email thresholds aren't configured in the default policy.
Impersonation protection in Defender for Office 365 looks for domains that are similar to your organization's domain. For example, if your domain is contoso.com, it checks for different top-level domains (.com, .biz, etc.), as well as domains that are even slightly similar.
The impersonation settings in Defender for Office 365 are available only in anti-phishing policies. These settings include the ability to specify a maximum of 50 custom domains for domain impersonation protection in each anti-phishing policy.
Readers also liked: Anti-Phishing Working Group
Domain impersonation protection prevents specific domains in the sender's email address from being impersonated. For example, all domains that you own (accepted domains) or specific custom domains (domains you own or partner domains).
Here are the available actions for detected domain impersonation attempts:
- Don't apply any action: The default value.
- Redirect the message to other email addresses: Sends the message to the specified recipients instead of the intended recipients.
- Move messages to the recipients' Junk Email folders: The message is delivered to the mailbox and moved to the Junk Email folder.
- Quarantine the message: Sends the message to quarantine instead of the intended recipients.
- Deliver the message and add other addresses to the Bcc line: Deliver the message to the intended recipients and silently deliver the message to the specified recipients.
- Delete the message before it's delivered: Silently deletes the entire message, including all attachments.
Phishing email thresholds in Defender for Office 365 control the sensitivity for applying machine learning models to messages for phishing verdicts. The available thresholds include Standard, Aggressive, More aggressive, and Most aggressive.
Mailbox intelligence in Defender for Office 365 uses artificial intelligence to determine user email patterns with their frequent contacts. This feature can help identify messages from legitimate senders, but it doesn't work if the sender and recipient previously communicated via email.
Common Policy Settings and Configuration
When creating an anti-phishing policy, you can't rename the default policy, but you can rename a custom policy you create.
You can add a description to a custom policy, but not to the default policy. Custom policies require at least one recipient filter to identify internal recipients.
Recipient filters can include users, groups, and domains, as well as exclude these users, groups, and domains. At least one selection is required in custom anti-phishing policies.
You can use a condition or exception only once, but the condition or exception can contain multiple values.
Here's a breakdown of the recipient filters you can use:
- Users: Identify specific users who will be affected by the policy
- Groups: Identify specific groups who will be affected by the policy
- Domains: Identify specific domains who will be affected by the policy
- Exclude these users, groups, and domains: Exclude specific users, groups, and domains from being affected by the policy
Impersonation settings are also available in anti-phishing policies, where you can specify sender email addresses or sender domains that receive impersonation protection.
Preventing Spoofing and Phishing
Spoofing and phishing are two types of email attacks that can deceive even the most cautious users. Spoofing occurs when an attacker forges the sender's email address or domain to make it look like a trusted source, while phishing is a more sophisticated attack that mimics a trusted user, domain, or brand to trick the recipient into revealing sensitive information.
Spoofing can be detected via SPF, DKIM, and DMARC validation, which are basic spoofing detection methods included in anti-phishing protection for all cloud mailboxes. However, phishing is a more complex issue that requires advanced detection and mitigation techniques, such as those provided by Defender for Office 365.
A different take: Ai Phishing Detection
To prevent spoofing and phishing, it's essential to understand the difference between spoofing and impersonation. Spoofing involves manipulating the sender's email address in the message header, while impersonation involves mimicking a trusted user, domain, or brand. By understanding these differences and implementing effective anti-phishing solutions, organizations can protect their users from these types of attacks.
Here are some common signs of phishing emails:
- Unsolicited emails
- Spelling mistakes
- Misrepresented domains
- Beware shortened links
- Sense of urgency
These signs can help you identify phishing emails and take necessary precautions to avoid falling prey to these attacks.
DMARC Spoof Protection
DMARC Spoof Protection is a critical component in preventing spoofing and phishing attacks. It helps to ensure that emails sent from a domain are authenticated and legitimate.
Spoof protection and sender DMARC policies can be controlled in anti-phishing policies, where you can specify separate actions for p=quarantine or p=reject in the sender's DMARC policy. If a message fails DMARC checks, you can choose to quarantine or reject it.
The relationship between spoof intelligence and DMARC policy honoring is described in the following table:
If the MX record for the Microsoft 365 domain points to a non-Microsoft service or device that sits in front of Microsoft 365, the Honor DMARC policy setting is applied only if Enhanced Filtering for Connectors is enabled for the connector that receives inbound messages.
You can override the Honor DMARC policy setting for specific email messages and/or senders using various methods, such as adding senders to the Safe Senders list, using the spoof intelligence insight or the Tenant Allow/Block List, or creating an Exchange mail flow rule.
For more insights, see: Report Onedrive Phishing to Microsoft
Spoofing vs
Spoofing and phishing are two common types of cyber attacks that can deceive even the most tech-savvy individuals. Spoofing is an attacker forging the sender's email address or domain to make it look like a trusted source, while phishing uses spoofed messages to trick users into clicking on malicious links or opening weaponized attachments.
Spoofing can be detected via SPF, DKIM, and DMARC validation, which are included in anti-phishing protection for all cloud mailboxes. However, spoofing can still be difficult to detect if the attacker creates a lookalike domain and publishes valid DNS records.
Impersonation is a type of spoofing where an attacker mimics a trusted user, domain, or brand to trick the recipient into believing the email is genuine. Impersonation can pass email authentication checks if the attacker created a lookalike domain and published valid DNS records.
Here's a breakdown of the differences between spoofing and impersonation:
To protect yourself from spoofing and phishing attacks, it's essential to be cautious when clicking on links or opening attachments from unknown senders. Always verify the sender's email address and look for any spelling or grammar mistakes in the email.
Mailbox intelligence can also help protect you from impersonation attacks by learning your email patterns and frequent contacts. However, mailbox intelligence doesn't work if you've previously communicated with the sender via email, so it's still crucial to be vigilant when receiving emails from unknown senders.
Identifying and Reporting Phishing
If you see signs of a scam and are suspicious of a message, report it immediately. Report phishing emails to Microsoft 365 Outlook and Outlook.com by selecting the suspicious message, choosing Report > Report phishing from the ribbon, and then selecting Report this message in Teams.
To spot a phishing email, look for unsolicited messages, spelling mistakes, and misrepresented domains. Phishing emails often have a country domain extension that's wrong, a misspelled domain name, a wrong domain hierarchy, or a different domain altogether. Be wary of shortened links that don't let you see the full domain name right away.
Phishing emails often create a sense of urgency, asking for personal information or appealing to emotions like joy, charity, caution, trust, duty, or fear. Some common pretenses include invoices, tax bills or refunds, lawsuits, orders of goods or services, and job applications. If you're unsure, report the email to Microsoft.
How to Identify Phishing Emails
Phishing emails often impersonate well-known brands, using logos and high importance to make them seem legitimate. However, they can be identified by their unsolicited nature, spelling mistakes, and misrepresented domains.
Be cautious of emails that don't conform to your history with the impersonated entity. Low-grade phishing emails often lack polish, with typos and deliberate misspellings to escape spam filters. You might see emails with phrases like "CRITICAL AL3RT!" or "Action required. A recent policy update needs your signature."
Hovering over links in a phishing email can reveal a different domain name. Look for country domain extensions that don't match the company being impersonated, or domain names that are misspelled or have a wrong hierarchy. Be wary of shortened links that don't let you see the full domain name.
Phishing emails often create a sense of urgency, appealing to emotions like joy, charity, caution, trust, duty, or fear. They might claim you've won a prize, need to donate to a charity, or have a suspended account that needs verification.
Some phishing emails contain weaponized attachments that install malicious code. Common pretenses include invoices, tax bills, lawsuits, orders of goods or services, or job applications.
Here's a list of common phishing email tactics to watch out for:
- Unsolicited emails from unknown senders
- Spelling mistakes and deliberate misspellings
- Misrepresented domains (wrong country extension, misspelled domain name, wrong hierarchy)
- Shortened links that don't reveal the full domain name
- Urgent language and emotional appeals
- Weaponized attachments with malicious code
Report a Scam
If you suspect a phishing scam, report it right away! You can do this by selecting the suspicious message in Microsoft 365 Outlook or Outlook.com and choosing Report > Report phishing from the ribbon.
Reporting a phishing scam is quick and easy, and it helps Microsoft improve their filters to prevent future scams. It's also a great way to protect yourself and others from falling victim to these types of scams.
If you're in Microsoft Teams, hover over the malicious message without selecting it, and then select More options > More actions > Report this message. When asked to 'Report this message', choose the option Security risk - Spam, phishing, malicious content is selected, and then select Report. Click the Report button.
Broaden your view: How to Report a Phishing Email to Google
Remember, reporting a suspicious message is always better than sorry. It's always better to err on the side of caution when it comes to online security.
If you're on a suspicious website in Microsoft Edge, select the Settings and More (…) icon towards the top right corner of the window, then Help and feedback > Report unsafe site. Or, you can use the shortcut ALT+F to open the Settings and More menu.
Here's a quick reference guide to reporting a scam:
- Microsoft 365 Outlook or Outlook.com: Report > Report phishing
- Microsoft Teams: More options > More actions > Report this message > Security risk - Spam, phishing, malicious content
- Microsoft Edge: Settings and More (…) > Help and feedback > Report unsafe site
Protecting Yourself and Others
Don't provide your personal information in response to an unsolicited request, whether it's over the phone or the Internet. This is because emails and internet pages created by phishers may look exactly like the real thing.
If you believe a contact may be legitimate, contact the financial institution yourself. Find phone numbers and websites on your monthly statements, or look up the company in a phone book or on the Internet.
Never provide your password over the phone or in response to an unsolicited internet request. A financial institution would never ask you to verify your account information online.
Review your account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why.
Use a good spam filter that quarantines suspicious messages. A machine filter will spot things the human eye easily overlooks.
To protect yourself and others, use antivirus software installed on every device and keep it up to date. Scan every email attachment for malware.
Here are some steps you can take to protect yourself and others:
- Never provide personal information in response to an unsolicited request
- Verify contact information before initiating contact
- Use a good spam filter and antivirus software
- Review account statements regularly
By following these steps, you can significantly reduce the risk of falling victim to a phishing attack and protect yourself and others from potential harm.
Mitigating the Impact of Phishing
If you think you've fallen for a phishing attack, act quickly to minimize the damage. Write down as many details of the attack as you can recall, including any information you may have shared, such as usernames, account numbers, or passwords, and where the attack happened.
Immediately change the passwords on all affected accounts, and create unique passwords for each account. This will help prevent further unauthorized access. For example, if you use the same password for multiple accounts, change it for all of them.
Confirm that you have multifactor authentication (also known as two-step verification) turned on for every account you can. This adds an extra layer of security to prevent attackers from accessing your accounts. For instance, if you're using a bank's online platform, make sure two-factor authentication is enabled.
If the attack affects your work or school accounts, notify the IT support folks immediately. They can help you contain the damage and prevent further attacks. Similarly, if you shared information about your credit cards or bank accounts, contact those companies to alert them to possible fraud.
If you've lost money or been the victim of identity theft, report it to local law enforcement as soon as possible. The details you've written down will be very helpful to them in their investigation.
A different take: You've Been Phished
Understanding Phishing and Identity Theft
Phishing is a sneaky cyberattack that tricks you into giving up sensitive information or downloading malicious code. Phishing attacks often come in the form of an email that tries to appear legitimate.
To avoid falling victim to phishing, remember that it's never a good idea to provide personal financial information over the phone or internet if you didn't initiate the contact. This includes your Social Security number, account numbers, or passwords.
If you're unsure about the legitimacy of an email, don't click on the link provided. Instead, go to the company's website by typing in the site address directly or using a page you've previously bookmarked.
Here are some key tips to keep in mind:
- Never provide personal financial information over the phone or internet if you didn't initiate the contact.
- Don't click on links in suspicious emails.
- Go to the company's website by typing in the site address directly or using a previously bookmarked page.
If you do fall victim to an identity theft attack, act quickly to protect yourself. Alert your financial institution, place fraud alerts on your credit files, and monitor your credit files and account statements closely.
What Is?
Phishing is a form of cyberattack that tricks the victim into giving up sensitive information or smuggling in malicious code.
Phishing attacks often come in the form of a message, typically an email, and use social engineering to appear legitimate, making it difficult for victims to distinguish them from genuine communications.
These attacks can be incredibly convincing, with scammers using tactics like spoofing email addresses and creating fake websites to mimic those of trusted brands or institutions.
The goal of a phishing attack is to get the victim to reveal sensitive information, such as passwords, credit card numbers, or personal identification numbers.
Phishing attacks can be devastating, leading to identity theft, financial loss, and even damage to one's reputation.
Combat Identity Theft
Don't click on suspicious links in emails, as they may contain a virus that can contaminate your computer.
If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution, place fraud alerts on your credit files, and monitor your credit files and account statements closely.
Report suspicious emails or calls to the Federal Trade Commission or by calling 1-877-IDTHEFT. This will help prevent further damage.
To prevent identity theft, never provide personal financial information over the phone or the Internet unless you initiated the contact. Be cautious of emails that ask for sensitive information.
If you think you've been successfully phished, write down as many details of the attack as you can recall, including any information you may have shared. This will be helpful if you need to report the incident to the authorities.
Change the passwords on all affected accounts and create unique passwords for each account. This will prevent further unauthorized access.
If you've lost money or been the victim of identity theft, report it to local law enforcement as soon as possible. The more you delay, the more difficult it will be to recover.
Here are some steps to take if you think you've been phished:
- Write down as many details of the attack as you can recall.
- Change the passwords on all affected accounts.
- Turn on multifactor authentication (also known as two-step verification) for every account you can.
- Notify the IT support folks at your work or school of the possible attack.
- Report the incident to local law enforcement if you've lost money or been the victim of identity theft.
Recovery and Prevention
If you fall victim to a phishing attack, it's essential to act quickly to minimize the damage. Contact your financial institution immediately and alert them to the situation.
You'll also want to contact one of the three major credit bureaus to discuss whether you need to place a fraud alert on your file. This will help prevent thieves from opening a new account in your name.
Here's the contact information for each bureau's fraud division:
Report all suspicious contacts to the Federal Trade Commission, or by calling 1-877-IDTHEFT. This will help them track down the source of the phishing attack and prevent others from falling victim.
Frequently Asked Questions
How do I turn off anti-phishing?
To turn off Anti-Phishing protection, go to Kaspersky's settings and disable the "Anti-Phishing" feature under the "Protection" or "Threats" section. This will prevent Kaspersky from blocking suspicious emails and links.
Featured Images: pexels.com


