Why Office 365 Built-in Phishing Protection is Not Reliable

Phishing attacks are more common than you imagine. For beginners, phishing is a form of unethical hacking which involves making counterfeit web pages or emails. These are then used to entice the victim to divulge some personal details, such as passwords, bank account details, phone numbers, addresses and even other extremely personal media that could be used maliciously. The hackers, if otherwise not equipped with an intention, ideally ask for a heavy ransom. In other cases, derogatory messages or theft has been reported.

Operating systems are easy targets of phishing, because they often hold the key to a large number of digital accounts and fingerprints. After several reports from Office 365 users who have suffered massive data breaches, we bring you a set of reasons why this system’s built in user system is not quite reliable.

It Can Be Convincingly Counterfeited

Office 365 by Microsoft sends mails to users when they avail a service, such as a free trial. These mails, though mostly identifiable, can be counterfeited. For example, users are less likely to fall for a mail with tons of spelling errors, or an unconvincing design. In some cases, the hackers are able to reproduce a similar version of a mail. This, when sent from an email address that seems official, catches the user off guard. Though Microsoft continuously looks after these new addresses and marks them off on their server, it is improbable that at least one mail would be able to harm somebody in a really nasty way.

In other cases, hackers focus on Microsoft’s storage application, known as OneDrive. They are sent a mail or a link, which leads to a fake OneDrive login page. The user unknowingly then attempts to log in by entering the username and password, which can then be collected by the hacker.

Phish Point Problem

Researchers at Avanan have recently chanced upon this method of attack. The only problem is that this type often goes undetected by the phishing filter employed by Office 365. Malware detection and prevention softwares typically measure links to compare if they are safe or not. The Phish Point software circumvents that problem by sending the user a link which is safe but can still be used to collect data. As the link is not directed to an immediate virus, it is unlikely for the existing antivirus software to be able to detect it. This creates a major problem for users, who can easily be misled by such malicious emails. Many users refer to sites like phishprotection.com office 365 for additional support and protection for their devices.

SharePoint Related Problems

Another clever, yet tricky way in which hackers overcome the problem of the phishing filter is by creating a SharePoint document, and then using that to their aid. They send a SharePoint request offering them control over editing the file. Being a legitimate SharePoint request, the malware detection software can do little to stop the virus from seeping through. This can then be utilized in the hacker’s favor, who will use the collected information for unethical purposes.

Countering the problem of phishing scams is never easy. While softwares are constantly regulated and updated by their host companies (in this case Microsoft), there is always a thin line of uncertainty in this regard. Scammers can always design newer and more engaging emails and links to attract unsuspecting users into giving away their personal data. It is important to be educated about the various ill effects of these attacks and the methods of prevention. Users are advised to not respond to any editing requests that they are not expecting. There is only one common OneDrive login page, and it is useful to acquaint oneself with it. By staying alert, attacks can be thwarted quite easily.