Still confident that you are a smart fish in the vast ocean of the Internet? Still place 100% trust in well-known and commonly used websites? It may be time to rethink that – at least hesitate for 10 seconds before clicking the URL in an email instructing you to reset your Microsoft ID.
According to the Spear-Phishing Report released by Barracuda Networks, brand impersonation schemes – most notably Apple or Microsoft – account for 83% of spear-phishing attacks among 350,000 spear-phishing emails.
What is spear-phishing?
You may refer to our previous article Spear Phishing Is Close to You for details, but generally, it is the most commonly used type of phishing attack on individual users as well as organizations. It is popular because it lures you into a carefully tailored trap.
Why is it dangerous?
- Pretending to be your trusted service provider, phishers describe their requests as important, urgent and easy to do. For example:
We have received your itunes account is used for fraud. Your account will be suspended until you confirm that the original user account to confirm that you are the original user of this account:
- Because these emails come from reputable senders and are typically hosted on domains that weren’t previously used as part of any malicious attack, such spear-phishing bypasses traditional email security more easily.
- Another side of this tailoring is that phishers research the complete social profile of the user and their organization – through social media profiles, the company website and other private data exposed on the Internet. Being this targeted, spear-phishing differs from traditional phishing, in which emails are sent to millions of unknown users.
All of this makes it hard to escape from phishers’ hooks.
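The brand impersonation described above often shows up as a mismatch between the brand named in the sender's display name or subject and the domain the mail was actually sent from. The following is an added example, not part of the original article or of any product it mentions; the brand-to-domain allowlist, the urgency keywords and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: domains each brand legitimately sends from (illustrative only).
BRAND_DOMAINS = {
    "apple": {"apple.com", "icloud.com"},
    "itunes": {"apple.com"},
    "microsoft": {"microsoft.com", "outlook.com", "office.com"},
}
# Assumed wording cues for "important, urgent and easy-to-do" requests.
URGENCY_CUES = ("suspended", "confirm", "verify", "urgent", "reset")


def sender_domain(msg):
    """Return (display_name, domain) from the From header, lower-cased."""
    name, addr = parseaddr(msg.get("From", ""))
    return name.lower(), addr.rpartition("@")[2].lower()


def domain_matches(domain, allowed):
    """True only for an allowed domain or a true subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def impersonation_findings(raw_email):
    """List reasons a message looks like brand impersonation (empty = none)."""
    msg = message_from_string(raw_email)
    name, domain = sender_domain(msg)
    subject = (msg.get("Subject") or "").lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if (brand in name or brand in subject) and not domain_matches(domain, allowed):
            findings.append(f"claims '{brand}' but sent from '{domain}'")
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    if findings and any(cue in subject + " " + body for cue in URGENCY_CUES):
        findings.append("urgent account-action wording")
    return findings


# Constructed sample messages (not real mail).
PHISH = ('From: "iTunes Support" <no-reply@account-check.example>\n'
         "Subject: Your account will be suspended\n\n"
         "Confirm that you are the original user of this account.\n")
LEGIT = ('From: "Apple" <no_reply@email.apple.com>\n'
         "Subject: Your receipt from Apple\n\nThank you for your purchase.\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, impersonation_findings(raw))
```

A clean result only means the display name and domain agree; it says nothing about a compromised legitimate account, so treat this as one signal among several.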
How does it harm you?
Simply tempted by the bait, a fish may get hooked and lose its life. Likewise, clicking fake Apple and Microsoft links serves as an entry point for having your credentials and account taken over, and personally identifiable information such as credit card and Social Security numbers stolen.
What can I do to help then?
The first step in solving a problem is recognizing there is one. If you happen to be an Outlook user, you may take the following measures as a precaution:
Spam Filtering in Office 365
Office 365 has a comprehensive set of features to control spam. These features are available for all subscription levels.
Go to “Admin”→“Security and Compliance”→“Threat Management”→“Dashboard”→“Configure anti-spam policy”, or directly click https://protection.office.com/?rfr=AdminCenter#/antispam
The admin can choose standard settings.
Or customize it by choosing “Move message to Junk Email folder” for phishing email.
If you find this a little bit complicated, well, there is another effortless way out – Mr. Post.
Being an add-in for Outlook, Mr. Post is a free and convenient protective cover that warns you of spear-phishing with merely one click and safeguards your email security.
Available now on Microsoft AppSource.