Do you ever wonder why Microsoft consistently tops the list of favorite brands to target with phishing scams? Because it’s one of the most widely used brands, AND because apparently its security isn’t very good.

Now comes word of a spear phishing scam, targeting a company in the energy sector, “using a savvy trick to get around the company’s Microsoft email security stack.”

According to an article on ThreatPost, “the campaign impersonated the CEO of the targeted company, sending email via Google Drive purporting to be ‘sharing an important message’ with the recipients. The email was legitimately sent by Google Drive to employees.”

The article goes on to say that “By using an authentic service, this phishing campaign was able to bypass Microsoft Exchange Online Protection and make its way to the end user. The technique of using Google Drive to disseminate a phishing email helps bypass email security service measures because of the difficulty of blocking a legitimate business service.”

That’s Microsoft’s excuse? It’s difficult to block legitimate-looking emails? That’s the crux of phishing: making nefarious emails look legitimate. If you can’t block those then you have no protection at all. Wait, it gets worse.

The article adds “the link within the email body links to an actual Google Drive share with documents to download – and the Microsoft email body inspection tool does not examine where the user may be taken after clicking the non-malicious Google Drive link.” Detecting those malicious links is basic phishing protection 101. What’s the difference between Microsoft’s security and no security at all? Not much.

Phishing protection today requires real-time link click protection. Apparently Microsoft, a company worth over a TRILLION dollars, hasn’t gotten the message.

Real-time link click protection involves checking every link in an email when the link is clicked, no matter when it’s clicked, by following the link all the way to the end to see if it points to a malicious website (or a malicious attachment). If the endpoint is malicious, you protect the user by preventing the click from going through. That’s how you protect users today, Microsoft.
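The click-time check described above, as an added sketch that is not from the original post or from any vendor's product: it follows a link hop by hop to its endpoint and blocks the click if any hop is flagged or the endpoint cannot be determined. The `fetch` and `is_malicious` callables, the hop limit, and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def resolve_chain(url, fetch, max_hops=10):
    """Follow redirects one hop at a time, making at most max_hops requests.

    fetch(url) is a caller-supplied function (an assumption of this sketch)
    returning (status_code, location_header_or_None) WITHOUT auto-following.
    """
    chain, seen = [url], {url}
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            return chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain, "too_many_hops"

def click_verdict(url, fetch, is_malicious, max_hops=10):
    """Decide at click time whether the user's click may go through."""
    chain, state = resolve_chain(url, fetch, max_hops)
    if state != "resolved":
        return "block", chain  # fail closed: the endpoint could not be determined
    for hop in chain:
        if is_malicious(urlsplit(hop).hostname or ""):
            return "block", chain
    return "allow", chain

# Constructed sample data: a redirect table and a host blocklist.
SAMPLE_REDIRECTS = {
    "https://share.example/d/abc": "https://files.example/view?id=abc",
    "https://files.example/view?id=abc": "https://login.bad.example/signin",
    "https://loop.example/a": "/b",
    "https://loop.example/b": "/a",
}
SAMPLE_BLOCKLIST = {"login.bad.example"}

def sample_fetch(url):
    location = SAMPLE_REDIRECTS.get(url)
    return (302, location) if location else (200, None)

def sample_is_malicious(host):
    return host in SAMPLE_BLOCKLIST

if __name__ == "__main__":
    for link in ("https://share.example/d/abc", "https://share.example/d/ok",
                 "https://loop.example/a"):
        print(link, "->", click_verdict(link, sample_fetch, sample_is_malicious))
```

Because the verdict is computed on every click rather than once at delivery, a link whose destination changes after the email arrives is still evaluated against its current endpoint.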

Microsoft should be ashamed of itself, leaving its customers vulnerable while telling them they’re safe. If you’re using Microsoft Exchange Online or Office 365 for your email, you cannot rely on their security to keep you safe. You’re going to need additional security that provides real-time link click protection. You’re going to need DuoCircle with Advanced Threat Defense.

DuoCircle with Advanced Threat Defense provides email security with real-time link click protection, 24/7 on any device. It works with all email platforms, including Microsoft’s, and can be up and running in 10 minutes. Try it risk-free for 30 days.
