Tag Archive for: spam

,

You’re right – a huge number of your work emails are just spam

2022 sees rise in ‘unwanted’ emails as phishing attacks remain popular

A large proportion of your work emails may not be useful in any way, a new report examining billions of messages has claimed.

Research from Hornetsecurity analyzing 25 billion business emails found nearly half (40.5%) are ‘unwanted’, and could even represent a serious threat to businesses.

The report also revealed how email remains an incredibly popular threat vector, with the most common kind of malicious messages being phishing attacks – emails pretending to be from well-known companies, sometimes quite convincingly – which made up 39.6% of all threats.

False sense of security

When it comes to malicious email attachments, Archive files such as Zip made up the greatest proportion (28% of messages), followed by web files (HTML) at 21%. Text based files were also commonly employed, with tainted Microsoft Word documents making up 12.7%, PDF 12.4% and Excel 10.4%.

The report also found new methods are being developed by cybercriminals in response to the changing digital landscape. For instance, attacks exploiting the macro capabilities in Microsoft 365 are no longer viable since Microsoft disabled the feature last year, specifically to shore up its security.

As a result of this, new tactics have been adopted. HTML smuggling has risen, where hidden LNK or ZIP files are contained within web links to deploy malware.

Hornetsecurity CEO Daniel Hofmann warned that given the prevalence of cloud based systems, such as Microsoft 365, their use should merit the same level of caution. Hornetsecurity’s report found that a quarter of respondents did not know that 365 could be a potential gateway for ransomware – some even presumed it was invulnerable to such threats.

“Ongoing training should be in place to prevent fraudsters from manipulating the trust people have in Microsoft and other office systems”, Hoffman advised. He also made specific mention of Microsoft Teams, adding that “it’s also critical to ensure all data shared via this platform is backed up.”

Other reports have found a similarly high – or even higher – proportion of spam emails in people’s accounts. Recent findings from Kaspersky, for instance, put the figure between 45-85%.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
365 Phishing Scams

Fighting phishing scams with Microsoft 365

Microsoft is a known provider of top-tier business productivity software — and its commitment to its subscribers’ cybersecurity is integral to that reputation. To fight phishing, one of today’s most prevalent cyberthreats, the tech titan has equipped Microsoft 365 with powerful features.

Among the many business solutions that Microsoft offers is email hosting through Outlook. This service is protected by Microsoft Defender for Office 365. Defender has many key features:

1. Anti-phishing

The most dangerous types of phishing scams masquerade as emails from a party the victims know, such as their boss, colleague, business partner, or bank. A phisher may use crafty impersonation tactics, such as referring to the victims by their nickname, making it harder to immediately identify the scam as fraud. A cybercriminal may even take over actual email accounts and use these to completely fool their victims.

Using machine learning, Defender creates a contact graph of contacts that users normally exchange communications with. It then employs an array of tools, including standard anti-malware solutions, to differentiate good from suspicious behaviors.

2. Anti-spam

Generalized phishing campaigns utilize spam emails, which are sent to a large list of email addresses, to catch random victims. Stopping spam is, therefore, a great start to protecting your company from a phishing attack.

Microsoft 365’s anti-spam technology addresses the issue by examining both an email’s source and its contents. If an email is determined to have come from an untrustworthy source or has suspicious contents, then it is automatically routed to your spam folder. What’s more, this feature checks the activity of people in your company to ensure that none of them sends out spam emails.

3. Anti-malware

Malware, such as ransomware and spyware, can spread via phishing emails. Ransomware locks data and programs from users until a ransom is paid. Spyware, on the other hand, steals data by recording keystrokes, copying clipboards, and taking screenshots, among other methods.

Microsoft 365 employs a multilayered defense against both known and unknown types of malware. This covers the different stages of email transmission, including filtering potentially harmful attachment formats, and real-time threat response. Microsoft also regularly deploys malware definitions to keep its defenses updated.

4. Safe Attachments

Some phishing emails contain file attachments that infect your computer with malware. Any email attachment should be handled with caution, but it’s not uncommon for some users to accidentally click on one, especially as they rush through the messages in their inbox.

Defender resolves this issue by opening all attachments in a sandbox first. This sandbox is an isolated environment, so even if the attachment contains malware, it would not affect your system. While in the sandbox, the attachment is meticulously scanned. If it’s clean, Microsoft 365 will allow you to open it as normal. If it contains a threat, the service will notify you of the issue. Microsoft uses some of the information collected by Safe Attachments to further improve the feature’s capabilities.

5. Safe Links

Instead of attachments, some phishing emails contain URLs that lead to websites — often spoofed versions of legitimate websites — that require victims to provide their personal information such as their account credentials. Some of these URLs lead to download pages that infect your computer with malware.

In a process called URL detonation, the Safe Links feature protects users by scanning the links in their emails and checking for malicious behavior, such as the transmission of malware. If the link leads to a malicious website, Defender will warn users not to visit it. Otherwise, users can proceed to click and go to the destination URL without a hitch. But even so, the service will rescan the link in the succeeding days and report any suspicious changes.

What’s great about Safe Links is that it doesn’t just scan links from unfamiliar sources. It also scans links in emails from people within your company and works on files uploaded to Microsoft Teams and SharePoint.

6. User Submissions

Microsoft 365 allows you to set a specific mailbox to send emails you deem a threat. The User Submissions feature lets you set criteria for both malicious and safe email and identify mailboxes besides your spam folder to keep these messages in. This feature gives your administrators greater control over which emails to flag and which to report to Microsoft.

7. Enhanced Filtering

If your company uses third-party services to route emails before they are sent to Microsoft 365, you will benefit from Enhanced Filtering for Connectors. Microsoft 365 uses inbound connectors to determine the trustworthiness of email sources. The more complex your routing scenario is, the more likely that an email’s inbound connectors will not reflect its real source.

Enhanced Filtering preserves authentication signals that may have been lost over the course of routing emails. This maximizes the effectiveness of Microsoft 365’s overall filtering capabilities, helping it detect spam and phishing emails.

If you need an email service that promotes efficiency while protecting your business, we can implement and manage Microsoft 365 for you. Just call us today to get started.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

/by