Office 365 Advanced Threat Protection Warns Against Unsafe Email Links

Office 365 Threat Detection's new URL Detonation feature helps email users avoid the consequences of clicking on malicious links to malware or phishing attacks.

Email URL Detonator 2

Microsoft continues to wage war on phishing attacks and email scams. In an update to Microsoft's email security service, Office 365 Advanced Threat Protection, the software giant is making it tougher for dangerous links within email messages to escape attention.

On Jan. 25, the company announced the availability of a new feature dubbed URL Detonation, which builds on the product's existing URL reputation analysis and scanning capabilities to alert users when a suspicious link appears in an email.

"If the user clicks a link during the scan, the message 'This link is being scanned' is displayed," explained the Microsoft Office 365 in a blog post. "If the link is identified as malicious after the scan, a pop-window opens notifying the user that the file is malicious and warns the user against opening it."

In the event users ignore the warning and click on dangerous URLs, administrators can mitigate the damage by setting a Safe Links tracking policy within Advanced Threat Protection. This enables IT security personnel to determine which users didn't heed the URL Detonation warnings, allowing them to focus their remediation efforts on those users without affecting others.

Administrators can turn on the URL Detonation feature in the Safe Links settings page and clicking the checkbox near the "Use Safe Attachments to scan downloadable content" option.

Phishing remains a top security challenge at enterprises mostly because users habitually open attachments or click on web links contained in seemingly harmless emails.

Using data collected from its Duo Insight phishing simulation tool, two-factor authentication specialist Duo Security found that nearly a third of all users fall for a phishing attack. Worryingly, 17 percent went as far as clicking a suspicious link and entering their username and passwords.

And businesses shouldn't assume their PCs are immune to infection because 68 percent of users work on out-of-date operating systems and 62 percent were still running outdated, potentially vulnerable web browsers.

Microsoft also added a new feature called Dynamic Delivery that helps users remain productive while Office 365 Advanced Threat Protection scans for unsafe attachments. Currently available in beta, Dynamic Delivery makes is possible for users to read and respond to emails while their attachments are being scanned.

Although Microsoft has made strides in keeping scan times brief, all malware scanners require at least a moment or two to analyze a file. For users working under tight deadlines or on projects where every second counts, Dynamic Delivery allows them to quickly send out a response. On the recipient's end, a placeholder attachment notifies the user that scanning is in progress.

Once the scan is completed, and if the attachment is deemed safe, Dynamic Delivery will seamlessly reattach it to the email. If it detects a dangerous payload, it filters out the attachment, preventing the attachment from being redistributed. The feature can be enabled by clicking the Dynamic Delivery radio button in the Safe Attachments settings screen.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...