Phishing Attempt to Grab Office 365 User Credentials

Office 365 users might receive a phishing attempt to say that they’ve just been paid by a UK healthcare group. The message shows some obvious signs to tell the recipient that it only contains trouble, but these signs are easier for humans to pick up than they are for machine learning. The combination of good message hygiene and user education should be enough to deflect phishing attacks.

Advertisements

Use ORCA to Check Office 365 Advanced Threat Protection Settings

ORCA is a project to help Office 365 tenant administrators validate their anti-spam and anti-malware settings against recommendations from Microsoft. ORCA is installed as a PowerShell module with just one cmdlet. After running Get-ORCAReport, you’ll have a report containing recommendations and observations about your configuration.

Exchange Online Protection Improves Zero-Hour Auto Purge (ZAP)

The fight against spam and malware goes on unabated. ZAP, or zero-hour auto purge, is an Exchange Online Protection (EOP) feature that’s getting some extra features to deal better with spam and phish malware. New policy controls are available to control the feature.

Safe Links and Safe URLs Delay Email Delivery For the Right Reasons

The Office 365 E5 plan includes Advanced Threat Protection (ATP), which builds on the anti-malware capabilities of Exchange Online Protection. ATP the includes Safe Attachments and Safe Links features, both of which can delay email delivery. I don’t notice the delay but others do. In any case, the more protection you have against malware, the better.

Reporting Spam to Make Exchange Online Protection Better

No one likes getting spam. Although EOP generally does a good job, Office 365 users can help themselves and help others by reporting spam that gets through to their mailboxes using Outlook’s Report Message add-in. And if they’d like someone else to report bad mesages, admins can do so through the Security and Compliance Center.