Microsoft sent out warnings last week about a rise in phishing attacks and scaremongering related to the coronavirus outbreak, with many cybercriminals playing on people’s fear in order to steal personal data.
Criminal groups have various ways to attack vulnerable people, including malware, but Microsoft have emphasised that “91 percent of all cyberattacks start with email” and almost all are aimed at tricking their targets into handing over their credentials.
Microsoft has a robust set of security and protection services designed to detect and block malicious emails, links and attachments, with Outlook.com, Office 365, Office 365 ATP, Microsoft Exchange, and Microsoft Defender all working together to protect users. These services leverage advanced machine learning, heuristics, and anomaly analysers to detect malicious behaviours in email, both to prevent these messages from landing in user mailboxes and to protect users should a message get through and they click on the links.
Unfortunately, technology alone will never be 100% foolproof. It is therefore important for users and for IT to ensure the latest security updates are deployed, that services are enabled (a staggering number of organisations have services like Office Advanced Threat Protection, for example, but don’t use them) and that an advanced anti-malware and endpoint protection service, such as Microsoft Defender, is in use.
MFA is Critical to Identity Protection
If you don’t use multi-factor authentication (MFA) on all of your personal and business Office 365 accounts (and other mail products such as Gmail), I’d strongly suggest you enable it and use Microsoft’s Authenticator to protect you.
Combined with Password Self Reset and Risk Based Conditional Access, MFA can detect and prevent over 99% of phishing attacks by protecting user identities, since logins are protected by an additional authentication step (just like the one you need to access your online banking).
Education is still key
It’s still important for users to be vigilant and to educate themselves about what to look for.
Bad spelling and grammar, suspicious links and attachments, and emails that look too good to be true should always raise your suspicions. Even with the extensive protection, if you are suspicious about an email, never click on links or open any attachments, especially those with weird file extensions such as “pdf.exe” or “txt.hta”.
Cybercriminals (especially now) use urgency and scare tactics as an attack vector. Microsoft warns users about the current trends, which should always trigger an alarm:
- Threats. These types of emails cause a sense of panic or pressure to get you to respond quickly. For example, an email may include a statement like “You must respond by end of day” or say that you might face financial penalties if you don’t respond.
- Spoofing. Spoofing emails appear to be connected to legitimate websites or to come from your boss or medical insurer, but take you to phony (often legitimate) scam sites or display legitimate-looking pop-up windows. Always check the website and the URL.
- Altered web addresses. A form of spoofing in which web addresses closely resemble the names of well-known companies but are slightly altered; for example, “www.micorsoft.com” or “www.mircosoft.com”.
- Incorrect spelling or salutation of your name.
- Mismatches. The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.
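The altered-address, mismatch and double-extension checks from the list above, sketched as an added Python example (not code from Microsoft or from this post). The domain and extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Assumed lists for illustration; extend them for your own environment.
KNOWN_DOMAINS = ("microsoft.com", "office.com", "outlook.com")
DOC_EXT = {"pdf", "txt", "doc", "docx", "xls", "xlsx"}
RISKY_EXT = {"exe", "hta", "scr", "js", "vbs", "bat"}

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def base_domain(url):
    """Last two labels of the host (naive: ignores suffixes such as co.uk)."""
    url = url if "://" in url else "//" + url
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def lookalike_of(url):
    """Known domain this URL's domain nearly matches (within 2 edits), else None."""
    dom = base_domain(url)
    near = (k for k in KNOWN_DOMAINS if osa_distance(dom, k) <= 2)
    return None if dom in KNOWN_DOMAINS else next(near, None)

def link_mismatch(text, href):
    """True when link text that looks like a URL names a different domain."""
    text = text.strip()
    return "." in text and " " not in text and base_domain(text) != base_domain(href)

def double_extension(filename):
    """True for names like 'x.pdf.exe': a document extension before an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOC_EXT and parts[2] in RISKY_EXT

def check_message(links, attachments):
    """links: (visible text, href) pairs. Returns a list of findings for review."""
    out = [f"lookalike of {lookalike_of(h)}: {h}" for _, h in links if lookalike_of(h)]
    out += [f"text/URL mismatch: {t!r} -> {h}" for t, h in links if link_mismatch(t, h)]
    out += [f"double extension: {n}" for n in attachments if double_extension(n)]
    return out

# Constructed sample built from the page's own examples.
LINKS = [("www.microsoft.com", "http://www.micorsoft.com/signin")]
FINDINGS = check_message(LINKS, ["invoice.pdf.exe", "notes.txt"])
```

A hit is a reason to report the message rather than proof of phishing; edit-distance matching will also flag some legitimate domains that happen to sit close to a listed one.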
What do I do if I get a suspicious link?
If you think you have encountered a suspicious email or website, speak to your IT team. Microsoft also recommends using the built-in tools in Outlook on the Web, in the desktop Outlook app and in the Outlook Mobile app to report suspicious messages.
If you’re using Microsoft Edge, you can also report suspicious sites by clicking the More (…) icon > Send feedback > Report Unsafe site.
“While bad actors are attempting to capitalize on the COVID-19 crisis, they are using the same tactics they always do. You should be especially vigilant now to take steps to protect yourself,” the company said today. You can learn more about Microsoft’s recommendations on their Security blog.