Connect with us

Hi, what are you looking for?

Tech & Science

Expert view: What to do about the phishing email bombardment?

Despite advances in technology, email use remains vulnerable as a new Micrsoft warning testifies.

Sending a short email is estimated to add about four grammes (0.14 ounces) of CO2 equivalent (gCO2e) to the atmosphere. - Photo: © AFP
Sending a short email is estimated to add about four grammes (0.14 ounces) of CO2 equivalent (gCO2e) to the atmosphere. - Photo: © AFP

Microsoft is warning Office 365 users and administrators to be on the lookout for a phishing email with spoofed sender addresses. This is because a current active campaign is targeting Office 365 organizations with convincing emails and several techniques to bypass phishing detection, including an Office 365 phishing page, Google cloud web app hosting, and a compromised SharePoint site that urges victims to type in their credentials.

As to what to make of this issue, Troy Gill, Manager of Security Research, Zix, AppRiver, tells Digital Journal that it is time of businesses to take note of the current threat and threats that will undoubtedly emerge in the future.

Gill explains the nature of the attack, noting: “Phishing continues to be the bread and butter for bad actors looking to gain access to sensitive information. We continue to see phishing campaigns rise, with even more intricate attempts to deceive the everyday individual to gain access to credentials and cause further harm to individuals and enterprises.”

What concerns Gill are the methods being deployed. Here he states: “The tactics described in the warning by Microsoft, which outlines attackers abusing legitimate services like Google and SharePoint, have become very popular over the past several years.”

Based on this, what are the best actions for businesses to follow?  In order to help reduce the risk of phishing campaigns and other email threats, Gill provides Digital Journal readers with the issues that organizations should keep in mind:

  1. Never reuse the same password on different services, if the service is compromised attackers will try that same password for others.
  2. Limit authorized use of third-party services- this will help limit the attack surface criminal have to work with
  3. Use end-to-end email encryption for any message containing confidential or personally identifiable information
  4. Ensure your solution is capable of dynamically analyzing email attachments and URLs
  5. Continuously audit your email environment. A O365 Security audit can provide critical insights into possible compromised accounts as well as if there is activity on accounts that should no longer be active
  6. If there is any suspicion about a message or transaction, it never hurts to call the sender. Most will be glad of your security protocols in place to help prevent fraud.
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Leaders may be going into the UN climate summit in Glasgow with the do-or-die goal of limiting global warming at 1.5 degrees Celsius.

World

In this file photo taken on October 10, 2021, Aya Biran (C), paternal aunt of Eitan Biran who was the sole survivor of a...

Tech & Science

Lakes in the Northern Hemisphere have been warming six times faster since 1992 than they were in the past 100 years.

World

People attend a candlelight vigil in Burbank, California, for cinematographer Halyna Hutchins, who was accidentally killed by a prop gun fired by actor Alec...