26 Feb Safeguard your Communications on Office 365
Defending your data… with Office 365 Advanced Threat Protection
Soon after the release of the Advanced Threat Protection (ATP) service within Office 365. In the wake and growth of the email born cyber-attacks, Microsoft released ATP as their optional add-on security service. Filtering emails, with little impact on productivity, ATP is among the toughest of the add-on’s suite to 365, which we deeply urge businesses to adopt.
Including vital features, such as Safe Links, ATP prevents users from accidentally clicking on malicious links embedded within phishing emails that are falsely representing themselves from a legitimate source, such as a bank, government body or trusted brand name.
Safe Attachments defends your users from opening potentially damaging email file attachments, which can be embedded with viruses or malicious code that can install the software in the background of a PC designed to steal or corrupt data, without the user even realising.
ATP has been around for over 2 years, so what’s new?
A major feature, which has been added to the service’s Anti-Phishing tools, concentrates on Impersonation Detection. ATP has been working to guard against phishing attacks for quite some time, however, attacks are known as, “spear-phishing” or “whaling”, where criminals imitate a trusted sender often targeting individuals within a business that may have access to valuable data, are far more difficult to identify.
If the hacker can get their email distributed to their intended target, they are far more likely to be fooled by domain name impersonation. Where two very similar names are used, so similar in fact, that at first glance most users wouldn’t detect anything wrong with the email.
The new Impersonation Detection service works to spot doppelganger emails and domain names that may have potentially been used to trick users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a trusted email sender or a new email address. Security warnings will then routinely be applied to unknown email addresses, helping to draw user’s attention to potential risks.
This feature, among all other ATP tools, are included within the Office 365 Advanced Threat Protection bolt-on product, which is included as standard with the Enterprise E5 license.
So, could someone imitate my domain name?
Without hesitancy yes. Someone out there if desired could disturbingly impersonate any domain name they choose. It is stupidly easy for those with relatively basic to zero knowledge of cyber hacking to clone your domain and an email address, then start firing out emails set to steal valuable data, or simply cause interruption & downtime.
One risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to impersonate your domain, with the one key purpose of fooling your staff in your own business.
A recent example, a Finance Director’s email account being imitated – with an accurate mask of the name, full email address, and even his entire email signature! An email gets sent from this fake account to another member of the Accounts Department, asking them to make a payment on a fabricated invoice to a bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team members make the payment as instructed. Losing the business thousands in one simple unknowing mistake, this could be happening to your business and you wouldn’t even know until it’s too late.
How can I use ATP for security against this impersonation?
Advanced Threat Protection will instinctively keep a look out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-defined choices) that fall into an do not trust category, perhaps a spoof domain that is very similar to your own, or from an anonymous user/email address that doesn’t exist within your 365 – keeping your team well out of harm’s way.
The threat management dashboard contains real-world statistical information on where emails are starting from, domains and users that have been impersonated. With this kind of information, you will be able to keep well ahead of the continual threats, enabling you to focus on more important aspects of your business.
There is always the risk that legitimate emails may well be filtered out, so you can of course view a list of all the quarantined emails and choose to act on them all collectively or by individual email.
If you are already a user of the Office 365 suite, you can bolt-on the ATP service almost immediately!
Want to get the best for your business?
At Antechs, we specialise in learning our clients’ business and best-applying security technology to their needs.
If you would appreciate a free brief discussion about your operational challenges & to explore the threats to your business, please get in touch today – 01480 570339 or drop us a line [email protected]