
Phishing may sound like a leisurely activity by the lakeside, but that picturesque scene is far from reality. Hackers and scammers employ phishing to steal your data. All it takes is a single click to grant someone access to your organization’s confidential information. So, do you know how to combat phishing? If not, read on to learn how Office Protect can give you the security you need.




What is phishing?

Like the outdoor activity, phishing involves dangling bait in the hopes of securing a bite—except in this case, the bait is an email, and the bite is a seemingly harmless click on a link or attachment.

Hackers send fraudulent emails ranging from a “message from the CEO” to “pictures of the kids today” from your significant other, or even an urgent meeting request from your boss. Would you think twice about clicking on those after reading the subject lines?

The dangers of attachments

You may think that merely opening an email couldn’t possibly cause that much damage or even allow hackers to profit. And in some ways, you’re right—just clicking on the dangerous email usually does not cause harm. Rather, the danger is in the form of attachments. Generally, the bait in phishing emails involves some sort of enticement to open an attachment, like the aforementioned meeting request, a letter from the CEO, or pictures from home. Once the attachment is downloaded, any form of malware could infiltrate your company’s network.

This malware could be ransomware, a Trojan horse, a keylogger, or any sort of virus designed to either gain valuable information from your company or do you harm. Hackers can either exploit that information themselves or sell it to the highest bidder. In the case of ransomware, they can even lock you out of your own systems until you pay up.


How big of a problem is phishing?

If you haven’t been a victim of phishing or haven’t fallen for those emails, you may be inclined to dismiss this type of attack as trivial or a rare occurrence. In fact, a recent report by Microsoft shows that phishing has grown by over 250% with no sign of slowing down.

The art of a successful phishing email

You may even think that your employees are invulnerable to phishing attempts. After all, why would any reasonable person ever open such an attachment? It would have to be obvious that it’s fake, right?

This is actually not the case at all. Phishing emails are generally disguised very well: 41% of phishing domains include just one character swap, and senders can easily set the display name on the From line to almost anything they want.

When you look at it through this lens, it’s easier to see how an otherwise distracted recipient, or even a careful one, could overlook those details and introduce malware into your network. Statistics suggest that this is true: at least 30% of phishing emails are opened.

Problems for resellers and MSPs

If you are a reseller or managed service provider (MSP), you may be well aware of the dangers of phishing. Even so, you may still struggle to educate your clients about it. You obviously want to do more because your clients’ risk is your risk, too. If a client on one of your shared servers introduces malware into that network, it’s not just their information on the line—it’s yours and every other client’s as well.

This risk also applies to your employees. An employee who introduces malware into your system could be compromising not only your own information but also your clients’, so you must be especially vigilant. One wrong move could destroy your reputation.

So what can you do besides offering training that the client may or may not even take, or whose information they may end up disregarding in the end? Fortunately for everyone—small businesses, resellers, and managed service providers alike—Office Protect has a solution to help.


Flagging phishing email using tenant domain or staff name

Office Protect has a setting that will flag phishing emails that use a tenant domain or staff name. What does that mean? Basically, Office Protect will detect any email sent from outside the organization that uses a staff member’s name or your own domain name in the sender field.

When Office Protect detects these emails, it will not stop them from being delivered, but it will flag them with a message to alert the user of potentially suspicious activity:

“This email was sent from outside your organization, yet is displaying the name of someone from your organization. This often happens in phishing attempts. Please only interact with this email if you know its source and that the content is safe.”

When a user sees this, they’ll approach the email with more caution or even immediately flag it as spam.

It’s still possible that some internal systems, like ticket trackers, may trigger this message. But if that is not the case, the recipient should delete the email immediately without interacting with it.
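To make the idea concrete, here is a minimal sketch of this kind of check, added as an illustration and not Office Protect's own code. It parses the From header, treats any address outside the tenant's domains as external, and reports why a warning banner would apply, including the one-character domain swap mentioned earlier. The tenant domain, staff names, and reason labels are constructed for the example.

```python
from email import message_from_string, policy

# Constructed tenant data for the example (assumptions, not from the article).
TENANT_DOMAINS = {"contoso.example"}
STAFF_NAMES = {"dana whitfield", "luis ortega"}


def one_char_swap(a, b):
    """True when two domains have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def flag_reasons(raw_message):
    """Return the reasons an external message should carry a warning banner."""
    # policy.default parses From into Address objects and decodes
    # RFC 2047 encoded display names before they are compared.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return []  # nothing to compare; left to other mail checks
    sender = header.addresses[0]
    domain = sender.domain.lower()
    if domain in TENANT_DOMAINS:
        # Internal by address. A real deployment would also rely on
        # SPF/DKIM/DMARC results, since the From address can be forged.
        return []
    name = " ".join(sender.display_name.lower().split())
    reasons = []
    if name in STAFF_NAMES:
        reasons.append("staff-name-in-display-name")
    if any(d in name for d in TENANT_DOMAINS):
        reasons.append("tenant-domain-in-display-name")
    if any(one_char_swap(domain, d) for d in TENANT_DOMAINS):
        reasons.append("lookalike-sender-domain")
    return reasons


# Constructed sample messages (headers only, empty body).
SAMPLES = [
    "From: Dana Whitfield <dana.whitfield@freemail.example>\n\n",
    'From: "ceo@contoso.example" <office@freemail.example>\n\n',
    "From: Accounts <billing@c0ntoso.example>\n\n",
    "From: Dana Whitfield <dana@contoso.example>\n\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw.strip(), "->", flag_reasons(raw))
```

Exact-match name comparison misses variants such as "Whitfield, Dana", and legitimate external systems that send on behalf of staff will still trigger it, which is the ticket-tracker case described above.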


How to enable: Flag phishing email

So how do you enable this setting? Simply go into your Office Protect dashboard and access the settings. You will then see a toggle menu to turn on the setting, as well as its security impact (medium) and user impact (low).

Want to use Office Protect or offer it to your clients? Contact us today to learn more about our available options.

Written by The Sherweb Team Collaborators @ Sherweb