Sep 22 2023 05:27 AM
Even though we are MS 365 Defender customers for all our users (EMS + E3), we are receiving an increasing number of phishing attempts based on good-looking MFA connection requests.
Furthermore, these are based on QR codes, which can be used on a smartphone where the security rules will be helpless against such attacks.
And these attempts are absolutely not filtered.
Sep 22 2023 06:10 AM
Sep 22 2023 06:11 AM
@MGessner Did you check your service health notifications sent by Microsoft? This week Microsoft sent a status message in Service health in the O365 portal saying that some users are receiving large amounts of spam messages from specific senders in Exchange Online.
Sep 26 2023 06:16 AM
@eliekarkafy Ideally we should be able to alert on QR codes sent by unfamiliar (first contact) senders. While Microsoft boasts of Safe Links, too many of these are making it through.
Sep 28 2023 05:02 PM
@Robert Young Just checking, did anyone get an effective way to block these out?
Sep 28 2023 11:07 PM
@Babsvald Currently the effective ways to protect against QR code phishing emails are:
Sep 30 2023 07:33 AM
Sep 30 2023 07:36 AM
Sep 30 2023 10:42 AM
Oct 01 2023 07:13 AM
Oct 01 2023 01:10 PM
Oct 01 2023 07:22 PM
Oct 02 2023 06:06 AM
@MGessner
Whilst I do not have an answer to proactively get these blocked, I have analyzed the IoAs and come up with a current method to try and detect these and get them actioned once they come through.
See below for my KQL query:
Oct 09 2023 04:22 AM
If you do this please post to GitHub, looks like there is some demand here. 🙂
I was considering doing the same but am also asking our MSFT rep: will this be a feature enhancement, or shall we go shopping for a 3rd-party product that will?
Dec 24 2023 05:53 AM
Dec 26 2023 12:52 PM - edited Dec 26 2023 12:55 PM
Enhancing Email Security: Proactive Measures
To mitigate unwanted emails, consider the following strategies:
Domain Blocking:
Implement domain blocking to restrict emails from specific domains, bolstering your defense against unwanted communication.
Anti-Spam Policies:
Develop and enforce robust anti-spam policies to systematically block undesired emails, fortifying your organization's email security.
Email Labeling:
Label non-organizational emails to streamline identification. This aids users in promptly recognizing and managing emails that fall outside the organizational scope.