
How to avoid phishing in Outlook and keep your account safe? Step by step guide

The effectiveness of phishing lies in its simplicity and in how easy it is to run en masse. This is one of the reasons why it remains one of the most widely used scam methods.

This method of identity theft applies to a greater extent to email clients. Phishing messages can be sent to any email address, and of course the Outlook service is not free of this threat.

In the next few paragraphs, we will teach you step by step how to protect your email account against this type of scam, and explain the risks you run if you do not shield your personal Outlook information.

What is Phishing and what are the risks of falling into it?


Phishing is a very common form of scam used against users of email services or instant messaging. The goal of this cyberattack technique is tricking or intimidating the user into sharing personal information with attackers. This information may consist of personal data. It can also include business or banking information, and even a request for transfer of funds.

The most commonly used procedure is to send the target an email from an address that usurps the identity of an acquaintance or a company that the target trusts. The tone of the message is generally urgent. The scam is most effective when the attackers know what they are doing, since in many cases the messages include a link that redirects to fake pages that are very convincing imitations of a legitimate page.

In general, phishing is applied to instant messaging and email services, as these make it easier to conceal identity through customizable names and images. In Outlook, one of the most widely used email services in the world, it is a more common phenomenon than one might imagine. With this in mind, there are measures and tools that we can use to protect our data.

What are the main phishing techniques?

This cyberattack method is so versatile that it can be applied on various platforms and affect a large number of users. It has reached the point that it is very common to see messages of this type on WhatsApp, as well as in text messages. Nevertheless, one of the methods that offers a phisher the most freedom is an email platform, as it allows the attacker to modify the appearance of the message and include links to websites that, if visited, may compromise the user’s data.

Considering this, the most common forms of phishing seen in emails can be summarized as follows:

Spear phishing

In this modality, the procedure to reach the potential victim consists of impersonating a high-profile person, a known prey, or someone in a senior position within an organization. By this means, the phisher sends the victim an email containing a large amount of information about the victim, with the aim of making the victim believe that the sender knows them, and thereby pressuring them to share information, which the phisher will then sell on the black market or use against the victim.

Redirect Phishing

This procedure is a bit more complex than others, since it requires two web domains for the scam to work, making it less common. However, this does not make it less risky, since it is used in massive campaigns, and although its percentage of victims is much lower, it still translates into several thousand people.

Through this modality, the attacker sends chain emails telling a story that is as convincing as possible, in order to persuade the target to open the links included in the email. These links lead to websites that may compromise the security of the email account, or introduce spyware or other malicious programs on the computer, putting at risk not only the user’s information but also the computer itself.

Whaling

This method focuses more on storytelling. When applied, the phisher impersonates a high-ranking employee of a well-known company and tells the target a fairly credible story in order to get them to let their guard down. Once this goal is met, the phisher makes a request. This can be filling out a form with personal data, visiting a certain website or sending a payment to a service.

Tips to avoid being a victim of phishing in Outlook

Although Outlook has phishing detection tools, responsibility for data protection ultimately rests with the user and the steps the user takes to protect their information. The methodology applied by hackers usually follows a specific pattern, with some variations in each case.

Therefore, the steps that will be described below to reduce the chances of falling for a scam can be used in any mail service:

Verify the legitimacy of the sender

As a first step, it is necessary to make sure that the sender of the suspicious email is genuine. The procedure for this depends on whether the phisher is trying to impersonate a personal acquaintance or a company. In the first case, the solution is as simple as contacting that acquaintance by other means and confirming that they sent the email. Companies, in most cases, have their own domain in their email addresses, which can serve as a clear indication of whether a message is legitimate or not.
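The domain check described above can be automated for mail you have saved. The following is an added example, not part of the original guide: it compares the organisation named in the From display name with the domain of the actual address, and also compares Reply-To with From. The brand "Contoso Bank", its domain list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each organisation really sends from (hypothetical list).
KNOWN_SENDER_DOMAINS = {"contoso bank": {"contoso.example"}}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def in_domain(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return warnings about the visible From/Reply-To headers of one message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    warnings = []
    # The display name is free text, so compare it with the address domain.
    for brand, allowed in KNOWN_SENDER_DOMAINS.items():
        if brand in name.lower() and not in_domain(from_domain, allowed):
            warnings.append(f"display name claims '{brand}' but address is @{from_domain}")
    # A Reply-To on another domain sends the answer somewhere else.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append(f"replies go to @{domain_of(reply_addr)}, not @{from_domain}")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Contoso Bank Support" <alerts@contoso-bank.secure-login.example>\n'
    "Reply-To: help@mailbox.example\n"
    "Subject: Urgent: verify your account\n\n"
    "Your account will be suspended today.\n"
)
GENUINE = (
    "From: Contoso Bank <alerts@mail.contoso.example>\n"
    "Subject: Your monthly statement\n\n"
    "Your statement is ready.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

This only inspects what the headers display; it does not evaluate SPF, DKIM or DMARC results.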

Search for flaws in email content

Whether it’s because the scammer is a newbie, careless, or just doesn’t care, in many cases the content of the email is plagued with spelling mistakes, which betray the scam. Alongside this, there are many other signs that can reveal the possible deception.

These signs can be generic and non-personalized greetings, absence of contact information in the message signature, and a general tone of urgency and even threat in the body of the message.

Other indicators that the user should be aware of:

  • Outlook alert for suspicious activity on a user or message.
  • The email urges the user to enter a website, fill out a form with personal data or make a payment.
  • Offer of free prizes.

Implicit email authentication

Microsoft 365 has a function known as “Implicit email authentication”, by means of which the system can identify the sender’s activity and verify its authenticity automatically and safely for the user. This verification draws on the sender’s behavior history, the sender’s sent mail history, the receiver’s history and the sender’s reputation, among other advanced analysis techniques.

Verify the security of the links

Phishing emails very commonly include a link that may lead to pages with malware or spyware, or to forged sites that pretend to be the legitimate web page of a company known to the user in order to deceive them.

Even if the link is disguised with modified text, it is possible to identify it by positioning the cursor over the link text, without clicking. This action shows the real link that is hidden, so that we can study it properly. Besides this, there is online verification software, which we can find at http://virustotal.com, where we can paste the link and check whether it contains any malicious software.

Don’t download attachments

Emails containing attachments are especially risky if they come from unknown users. These files are the perfect host for spyware, which enters your computer and spies on your activities. To avoid this type of cyber attack, the best option is to avoid opening attachments from unknown users, in conjunction with keeping your computer’s firewall and antivirus up to date.

The best security tools to avoid being a victim of phishing

Because phishing is a constant risk for all email services, and it is also constantly evolving, you should not skimp on tools and means of protection against these types of scams.

Next, we will show you the best tools you can have to protect your Outlook email account against phishing in most of its forms:

Microsoft Office 365 ATP

This Office 365 feature, named Advanced Threat Protection, works as a security service for emails and is widely used in the corporate environment. Its popularity in this environment stems from the fact that it provides one of the artificial intelligences with the most data processing available, allowing it to recognize potential phishing elements in an email. Its initial cost is € 2 per user per month, up to € 5 with the addition of add-ons.

Mimecast.com

This service is designed for the protection of company data, providing a secure platform, which includes the protection of the corporate brand. In the same way, it provides protection through backup copies of corporate email services. The company will therefore have a constantly updated backup database in the event of a successful attack, allowing it to maintain continuity of the service provided.

Avanan.com

It is one of the many SaaS platforms that handle security enhancements for Office 365 and Workspace. It works by means of a cloud-based service, which allows the user to manage security options efficiently from any computer.

It can connect to platforms such as Office 365 and Workspace via API, and is part of a line of anti-phishing products whose services start at € 4 per month per user, which includes options for email filtering, account theft protection and configuration security, among others.

PhishProtection.com

It is one of the best anti-phishing protection services available, since it has a wide variety of features and benefits for the price of € 500 per year for every 25 users. Among its advantages, it offers attachment analysis, URL inspection, instant collaboration with six high-fidelity databases, and security against identity theft involving the provider domain.

Ironscales.com

This versatile tool uses artificial intelligence to enhance the native security features of the email service. It also uses user interaction rates to respond quickly to potential attacks. In addition, it can obtain further information about the threat, such as the number of emails it was sent to and the number of users who reported the email as a threat.