Forum Discussion

CarlosMoralesMX's avatar
CarlosMoralesMX
Brass Contributor
Jan 13, 2021
Solved

Attacks Phishing

Hi Team. We have had two cases in our Office 365 tenant. 1. Some users receive phishing emails. I block this IPs and domains. In a Office E1 subscriptions, is there anything else that can be done? ...
security
  • Pontus Själander's avatar
    Pontus Själander
    Jan 13, 2021

    CarlosMoralesMX Hi!

    When it comes to reducing Phishing emails, I would recommend you to review your EOP configuration accordingly to Microsoft's Best practices configurations.
    You can find guidelines for EOP Configurations https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/best-practices-for-configuring-eop?view=o365-worldwide
    I would also highly suggest that you have a look on the Defender for Office 365 function.
    This will help you to detect bad links/attachments and also enables you to create anti-Phishing policies.
    You can read more about Defender for Office 365 capabilities as Safe Links, Safe Attachments, Anti-Phishing policies https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-worldwide


    Regarding the emails being sent to you clients, in your domain name. This is simply emails being spoofed, you can protect your clients from spoofing through anti-spoofing techniques as SPF/DKIM/DMARC.
    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide is a good article about anti-spoofing capabilities

Pontus Själander's avatar
Pontus Själander
Iron Contributor
Jan 13, 2021

CarlosMoralesMX Hi!

When it comes to reducing Phishing emails, I would recommend you to review your EOP configuration accordingly to Microsoft's Best practices configurations.
You can find guidelines for EOP Configurations https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/best-practices-for-configuring-eop?view=o365-worldwide
I would also highly suggest that you have a look on the Defender for Office 365 function.
This will help you to detect bad links/attachments and also enables you to create anti-Phishing policies.
You can read more about Defender for Office 365 capabilities as Safe Links, Safe Attachments, Anti-Phishing policies https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-worldwide


Regarding the emails being sent to you clients, in your domain name. This is simply emails being spoofed, you can protect your clients from spoofing through anti-spoofing techniques as SPF/DKIM/DMARC.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide is a good article about anti-spoofing capabilities

Resources