Battling the Blight: Ways to Improve Office 365 Email Security

Nobody can accuse Microsoft of lack of effort when it comes to phishing defense. Even a cursory online search yields pages of sensible advice that the company offers to help customers defend Office 365. Yet despite the company’s wholehearted intent, its anti-phishing effectiveness leaves room for improvement. This unfortunately results in a major security gap, especially as Office 365 phishing remains a “must have” skill set for any cyber crook.

While Office 365 is on a mission to help customers resolve vulnerabilities that threat actors can exploit, in truth, the bad guys treat these earnest efforts as just one more feint in the high-stakes ‘gotcha’ game that is phishing. To date, only Area 1 Security has been able to ramp up a meaningful defense against email phish, with the numbers to prove it. In a mere 12-week window, for example, Area 1’s preemptive solution saved several Fortune 500 customers $231 million in active fraud that would have almost certainly ended up in criminal coffers.

In our latest webinar, 5 Ways to Improve O365 Email Security, hosts Kevin Wilson, Senior Product Manager, and Dom Yip, Director of Sales Engineering, deliver vital insights on reducing IT costs and complexity while revealing just how outrageous and ingenious phishing attacks have become in 2020.

While there are some steps you can take within Office 365 to enhance protection, Microsoft’s well-intended native defenses are handily overwhelmed by the sheer frequency and ferocity of these threats. The truth is that nobody who relies solely on Microsoft’s ATP for security can feel confident that a Type 3 BEC attacker won’t swoop in for a massive payday after months of patient manipulation.

BEC’s Existential Threat to Office 365 Defenses

Increasingly authentic-appearing and destructive, BEC is now reaching levels of deception that were unguessed at even a year ago. Gartner makes the point that, “Through 2023, BEC attacks will continue to double each year to over $5 billion and lead to large financial losses for enterprises.”

A quick course on BEC evolution:

    • Basic Type 1 BEC seems almost amusingly obvious now, especially with its frequent typos. Nonetheless, Type 1 BEC has been highly successful simply by leveraging a CxO as the lure and using display name spoofs. It will never cease being dangerous.
    • Type 2 BEC uses intra-organizational impersonation to carry out account takeover, leveraging functional employees or peers as the lure and using display-name spoofs and/or urgent, immediate calls-to-action in order to access funds and quickly exfiltrate them.
    • Type 3 BEC — The “Long Con” — is a patient, masterful stalk. Externally sourced, Type 3 BEC is an inter-organization or partner impersonation that leverages a partner’s functional employees as lures and establishes “trust” through devious social engineering. The difficulty of seeing through the mask of the long con makes it particularly dangerous. Compromising a vendor is integral to the trap, which spreads and exacerbates the damage.
    • On the horizon is BEC Type 4: as attackers grow bolder and more confident, this next step in BEC evolution is poised to spoof both the partner and the victims, conning both at the same time.

Healthy Fear Is Vital to Effective Phishing Defense

Never underestimate the risk of BEC. Any complacency or misplaced trust in legacy solutions keeps you from spotting these attacks. The point is that as threat actors advance and evolve, so should you, or risk being at their mercy.

Gartner is unequivocal in warning: “As more sophisticated BEC attacks occur, cloud-based systems such as Microsoft Office 365 enable hackers to obtain user account details … and then use those credentials to log into a user’s account.” As attacker techniques evolve to appear more like legitimate logins, defenses must also learn to recognize these for the attacks they actually are.

This is why Gartner advises that “security and risk management leaders should choose a solution that continuously adapts to organizational sending patterns, rather than a pre-built model.”

The Shortcomings of “Retrofits”

It seems hard to believe now, but there was a time when spam was considered the number one email threat. That’s why most email security offerings were built to address those obnoxious blizzards – Office 365 included. As the true nature of the threat revealed itself, spam defenses were essentially “retrofitted” to take care of phishing too. Nothing could have pleased the attackers more.

Basic cloud email defenses simply aren’t architected to deal with phish – even when layered with a Secure Email Gateway (SEG). SEGs easily spot spam and commodity threats but fall down when faced with the ingenuity of phishing attacks. Legacy solutions cannot perform the deep analysis necessary to identify today’s threats. In fact, this effort is not only costly and ineffective, but delays emails and actually creates exposure.

Specialized Phishing Protection for Cloud Email

Layering Office 365 with cloud-native anti-phishing defenses can protect organizations against phishing. Area 1 spots and blocks lower-level threats and is a specific anti-phishing engine of the type that Gartner recommends, capable of detecting emerging attack infrastructure before launch and blocking threat campaigns preemptively.

    • Proactive Threat Discovery and Massive-Scale Phish Indexing
      Area 1 strategically deploys active-sensors to proactively track threat-actor infrastructure and activity data flows. High-speed crawlers continuously scan the web—over 6 billion pages and 6 Petabytes of attack data every couple of weeks—examining every web page, URL, domain and IP address to find telltale emergent patterns. No SEG employs techniques like browser emulation or impersonates user behavior to proactively discover and index malicious sites.
    • Specialized Machine Learning Algorithms
      Area 1’s machine learning algorithms deconstruct message content, using the vast quantities of raw data collected from its ActiveSensor network to train machine-learning algorithms and identify malicious actors and infrastructure weeks before the rest of the industry.
    • Cloud-Powered, Real-Time Updates
      Area 1’s cloud-native design also allows new algorithms to be deployed every 15 minutes. Because the raw training data from our ActiveSensor network evolves so quickly, Area 1’s machine learning models can react in real time to changes by threat actors.
    • No Tuning Required
      While SEGs put the onus on the customer to tune results, Area 1’s data scientists and security researchers do all tuning, which spares customers from having to decide what to flag.

Area 1 makes the case for superior anti-phishing security with its cloud-native simplicity and scalability, built-in enterprise-grade email hygiene, and best-of-breed attack prevention.

Check out the webinar and see for yourself how Area 1 can improve Office 365 defenses against targeted phishing attacks.
