These days, every size of organisation is a potential target for a cyber attack. From a simple phishing attempt, where an attempt is made to obtain a user’s login details or other sensitive information, to a more destructive attack such as mass file deletion. No matter how much user training you complete, there are always going to be occasions where user error potentially lets one attack slip through the net. There are, however, some built-in features within Office 365 which can help to assist your users and apply an extra level of simple protection.
At a quick glance
The more companies transition into a paperless model, the more emails each user handles daily. With this, the risk of clicking on a link and landing on a spoofed login page increases. One simple way to help reduce the risk of falling for a spoofed website attack is to use the Corporate Branding features within Azure Active Directory.
With Corporate Branding applied, as you log in via an Office 365 Sign-In Screen you are greeted with a custom image and logo. This is done by checking your username against Azure Active Directory and pulling through your organisation’s branding. This will help identify the website you are accessing as an official Microsoft login page for your company. Essentially, if you don’t see your branding on a login page, it could potentially be suspicious and it may be worth double-checking the original source of the link.
An example of an unbranded, generic Microsoft login form and the equivalent form after branding has been applied can be seen below:
If you have a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you will have a free subscription to Azure Active Directory which will allow you to apply this branding.
If a user is unfortunate enough to surrender their login details in a phishing attack, one modification that attackers have been known to to apply is a redirect on the affected mailbox which forwards all received emails to an external email address. In some cases, they may also create an inbox rule to delete these emails after forwarding. This can lead to password reset emails not being received by the affected user. This can allow the attacker to gain access to additional services even if the password was not the same as the one which was originally obtained in the phishing attack. The attacker will then complete password resets against your email address on various websites including Social Media, personal email services and online banking.
A good way to protect against this is to create a transport rule that prevents an email being forwarded to an email address located outside of your organisation by deleting the email and returning an error. An Incident Report can then be created and sent to another recipient to notify them that this rule has been triggered, helping to prompt further investigation.
If you have an active support agreement with Strategy 365 Ltd or would like to discuss any of the above features, please contact firstname.lastname@example.org