Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Feature that recognizes domain names with numbers

Copper Contributor

I came across a fraud case where somebody created a fraudulent O365 Domain with numbers instead of letters, which is very difficult for Users to recognize. Does O365 provide a feature that would alert users about possible rogue domain name?

 

Second case was an email was sent in a way, that the Sender field was masked, which made it appear like a correct E-Mail. Once you replied, the reply E-Mail address was different than the Sender. Can O365D mitigate this?

 

Thank you

1 Reply
Specific senders and sender domains are easy to block, but it sounds as if you want a defence that will react to the random substitution of any letter in a genuine domain for a number in a typosquatting domain. In theory a regular expression, ahem, pattern, could do that, but in practice I think there would be too many domains causing false positives.

What you really want is something that works with domain reputation, and that's either not in the product or is in the proprietary parts that Microsoft do not talk about, far less reveal, to customers.

For the second case where the sender was not obvious, check that you have your Anti-Phishing policy Show Via Tag option switched on. There may be some other settings there that will help.

Rather than make a change to your policy that affects your entire organisation, add a separate policy higher up the table that only applies to a handful of brave test users and experiment on them. You can also use that to document any training materials or advice notes before going live.