Microsoft Exchange Online Protection Combats 'Peer Phishing'

New updates make it tougher for phishers to pull off scams that rely on impersonating bosses, co-workers and other personnel.

Microsoft Exchange Online Protection

Microsoft is combating email-based insider spoofing, making it harder for the employees of Exchange Online Protection customers to fall for phishing emails that appear to come from their bosses and work colleagues.

Insider spoofing, also known as "peer phishing," refers to "a phisher impersonat[ing] high-ranking company executives by spoofing the company's email domain," explained Shobhit Sahay, technical product manager for Microsoft Office 365, in a company blog post. "The email looks like an internal email, making it hard for existing filters to identify as malicious."

With a new update that employs many of the technology investments that Microsoft is devoting to its intelligent enterprise cloud efforts, the company has massively improved its phishing detection rates. Fortunately, by built-in intelligence that leverages big data, strong authentication checks and reputation filters, Exchange Online Protection has strengthened its counterfeit detection by over 500 percent," continued Sahay.

Microsoft is also introducing a new feature aimed at empowering the weakest link in email security: users.

By the end of the first quarter, the company's browser-based Outlook on the Web software will feature a new phish-reporting option in the junk mail menu. "The 'Report as phishing dialog' is displayed and includes a link to learn more about phishing and gives you the option to send a copy of this message to Microsoft to help the research and improvement of email protection technologies by clicking the 'Report' or 'Don't report' button," Sahay said.

New, highly visible Outlook on the Web safety tips will alert users to emails from untrusted sources. "The idea behind Safety Tips in Outlook on the Web is to educate users by augmenting written notification of the message status by adding a red bar at the top of suspicious or phishing emails," stated Sahay. "This added visual cue provides an alert to protect you from a potentially fraudulent request or other suspicious action."

Also new is a private beta of Dynamic Delivery of Safe Attachments, which enables recipients to read their emails while the Advanced Threat Protection Safe Attachments feature analyzes suspicious files that accompany the messages, typically a five- to seven-minute process.

Instead of delaying such emails, it now sends "the body of the email with a placeholder attachment, while the actual suspicious attachment undergoes a Safe Attachment scan," Sahay said. "Recipients can read and respond to the message, which includes notification that the original attachment is being analyzed." Dynamic Delivery of Safe Attachments is slated to be generally available later in the first quarter, he added.

Another technology called Zero-hour Auto Purge automatically reclassifies unread emails when their status changes. "For example, if a message is delivered to your inbox and later found to be spam, Zero-hour Auto Purge moves that message from the inbox to the spam folder; the reverse is true for messages misclassified as spam," said Sahay. Also currently in limited beta, the feature will be switched on for Exchange Online Protection customers in the first quarter.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...