Prevent Whaling with Office 365 ATP Anti-Phishing

The FBI’s Internet Crime Complaint Center issued a PSA on July 12th, 2018 on the significant increase in business email compromise incidents, in which business email accounts are compromised and used to transfer funds out of the organization through wire transfer payments. Between October 2013 and May 2018, 78,617 such incidents were reported, with a total dollar loss of over $12.5 billion.


These attacks are known as “whaling,” where high-profile employees in an organization are specifically targeted. In many cases, these targets can be executives, or those involved in financial operations within an organization. "Victims most often report a spoofed email being sent or received on behalf of one of these real estate transaction participants with instructions directing the recipient to change the payment type and/or payment location to a fraudulent account," the FBI said in its report.


Microsoft ATP Anti-Phishing technology has been designed to prevent these whaling attempts within your organization. The technology leverages machine learning models with impersonation detection algorithms to provide protection from whaling and spear phishing attacks. The tools, which are a part of the Office 365 Advanced Threat Protection (ATP) feature, can be quickly and easily implemented by a global admin or security administrator in your Office 365 organization.


Any user in your organization who has an ATP anti-phishing policy applied will have their incoming messages inspected by that policy, and the action configured in the policy will be applied to messages it flags. Actions include the ability to forward the message to a security administrator, delete the message, quarantine the message, or move it to the Junk Email folder.


At this time, up to 60 high-profile users can be added to a policy to prevent display name impersonation, and entire domains can be configured to prevent domain name impersonation.


In addition, mailbox intelligence can be enabled. This feature analyzes your cloud-based users’ mail flow patterns to determine which contacts they communicate with most often, which helps Microsoft more easily identify when an email message might be from an attacker who's impersonating one of those contacts.
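The settings described above (protected users, domain impersonation, mailbox intelligence, and the action to take) can also be applied from Exchange Online PowerShell. The following is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed, and the tenant domain, user names, addresses and policy name are placeholders.

```powershell
# Added example: every tenant-specific value below is a placeholder.
# Run as a global admin or security administrator.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# High-profile users to protect from display name impersonation,
# in the "Display Name;email address" form the cmdlet expects.
$protectedUsers = @(
    'Alex Example;alex.example@contoso.com',    # constructed: CEO
    'Jordan Sample;jordan.sample@contoso.com'   # constructed: CFO
)

# The post gives a limit of 60 protected users per policy; fail early if exceeded.
if ($protectedUsers.Count -gt 60) {
    throw "A policy allows at most 60 protected users; got $($protectedUsers.Count)."
}

# Action values map to the options listed in the post:
#   Redirect   = forward to a security administrator (needs -TargetedUserActionRecipients)
#   Delete     = delete the message
#   Quarantine = quarantine the message
#   MoveToJmf  = move to the Junk Email folder
$policy = @{
    Name                                = 'Whaling Protection'   # hypothetical policy name
    EnableTargetedUserProtection        = $true
    TargetedUsersToProtect              = $protectedUsers
    TargetedUserProtectionAction        = 'Quarantine'
    EnableOrganizationDomainsProtection = $true                  # protect all accepted domains
    TargetedDomainProtectionAction      = 'MoveToJmf'
    EnableMailboxIntelligence           = $true
}
New-AntiPhishPolicy @policy

# A policy does nothing until a rule scopes it to recipients.
New-AntiPhishRule -Name 'Whaling Protection' `
    -AntiPhishPolicy 'Whaling Protection' `
    -RecipientDomainIs 'contoso.com'

# Read the policy back to confirm what was actually stored.
Get-AntiPhishPolicy -Identity 'Whaling Protection' |
    Format-List Name, EnableTargetedUserProtection, TargetedUsersToProtect,
        TargetedUserProtectionAction, EnableOrganizationDomainsProtection,
        TargetedDomainProtectionAction, EnableMailboxIntelligence
```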




By: Matt Morton


© Copyright 2019

by Synergy Technical
