Microsoft Exchange Online Protection Combats 'Peer Phishing'
New updates make it tougher for phishers to pull off scams that rely on impersonating bosses, co-workers and other personnel.Microsoft is combating email-based insider spoofing, making it harder for the employees of Exchange Online Protection customers to fall for phishing emails that appear to come from their bosses and work colleagues. Insider spoofing, also known as "peer phishing," refers to "a phisher impersonat[ing] high-ranking company executives by spoofing the company's email domain," explained Shobhit Sahay, technical product manager for Microsoft Office 365, in a company blog post. "The email looks like an internal email, making it hard for existing filters to identify as malicious." With a new update that employs many of the technology investments that Microsoft is devoting to its intelligent enterprise cloud efforts, the company has massively improved its phishing detection rates. Fortunately, by built-in intelligence that leverages big data, strong authentication checks and reputation filters, Exchange Online Protection has strengthened its counterfeit detection by over 500 percent," continued Sahay. Microsoft is also introducing a new feature aimed at empowering the weakest link in email security: users.
By the end of the first quarter, the company's browser-based Outlook on the Web software will feature a new phish-reporting option in the junk mail menu. "The 'Report as phishing dialog' is displayed and includes a link to learn more about phishing and gives you the option to send a copy of this message to Microsoft to help the research and improvement of email protection technologies by clicking the 'Report' or 'Don't report' button," Sahay said.