The fight against spam and malware goes on unabated. ZAP, or zero-hour auto purge, is an Exchange Online Protection (EOP) feature that’s getting some extra features to deal better with spam and phish malware. New policy controls are available to control the feature.
Phishing attacks through email happen all the time. A new relatively crude one arrived today. It’s easy for the trained eye to detect phishing, but do your Office 365 admins know how to use the tools available in Exchange Online Protection to suppress malware, and do your users know the signs of bad email? In this case, it’s an invitation to click to get to a PDF document to bring you to digitaloceanspaces.com. Some interesting things might happen afterwards, but I really don’t want to find out what occurs when I click the link.
Another day, another phishing attempt, this time trying to make unwary Office 365 administrators click on a link to “Retrieve Pending Messages” for their domain. I’m surprised this one got through!
A very exciting message arrived in my mailbox. So exciting that it was too good to be true. Some basic checks made me more suspicious and then Outlook’s Message Header Analyzer gave more evidence to think the message was bad.
The security company Avanan says that 10% of Office 365 users are affected by “PhishPoint.” That estimate seems pretty high to me.