SOLVED

Attacks Phishing

%3CLINGO-SUB%20id%3D%22lingo-sub-2057527%22%20slang%3D%22en-US%22%3EAttacks%20Phishing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2057527%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team.%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20have%20had%20two%20cases%20in%20our%20Office%20365%20tenant.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E1.%20Some%20users%20receive%20phishing%20emails.%20I%20block%20this%20IPs%20and%20domains.%20In%20a%20Office%20E1%20subscriptions%2C%26nbsp%3Bis%20there%20anything%20else%20that%20can%20be%20done%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%20This%20emails%20they%20are%20also%20sent%20to%20our%20clients%20too.%20Emails%26nbsp%3Bare%20sent%20to%20our%20clients%20as%20if%20they%20were%20ours%2C%26nbsp%3Bhow%20can%20i%20report%20this%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2057527%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ephishing%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2058689%22%20slang%3D%22en-US%22%3ERe%3A%20Attacks%20Phishing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2058689%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F392602%22%20target%3D%22_blank%22%3E%40CarlosMoralesMX%3C%2FA%3E%26nbsp%3BHi!%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20it%20comes%20to%20reducing%20Phishing%20emails%2C%20I%20would%20recommend%20you%20to%20review%20your%20EOP%20configuration%20accordingly%20to%20Microsoft's%20Best%20practices%20configurations.%3CBR%20%2F%3EYou%20can%20find%20guidelines%20for%20EOP%20Configurations%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fbest-practices-for-configuring-eop%3Fview%3Do365-worldwide%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E%3CBR%20%2F%3EI%20would%20also%20highly%20suggest%20that%20you%20have%20a%20look%20on%20the%20Defender%20for%20Office%20365%20function.%3CBR%20%2F%3EThis%20will%20help%20you%20to%20detect%20bad%20links%2Fattachments%20and%20also%20enables%20you%20to%20create%20anti-Phishing%20policies.%3CBR%20%2F%3EYou%20can%20read%20more%20about%20Defender%20for%20Office%20365%20capabilities%20as%20Safe%20Links%2C%20Safe%20Attachments%2C%20Anti-Phishing%20policies%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Ftuning-anti-phishing%3Fview%3Do365-worldwide%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ERegarding%20the%20emails%20being%20sent%20to%20you%20clients%2C%20in%20your%20domain%20name.%20This%20is%20simply%20emails%20being%20spoofed%2C%20you%20can%20protect%20your%20clients%20from%20spoofing%20through%20anti-spoofing%20techniques%20as%20SPF%2FDKIM%2FDMARC.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fanti-spoofing-protection%3Fview%3Do365-worldwide%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EHere%3C%2FA%3E%20is%20a%20good%20article%20about%20anti-spoofing%20capabilities%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi Team.

We have had two cases in our Office 365 tenant.

1. Some users receive phishing emails. I block this IPs and domains. In a Office E1 subscriptions, is there anything else that can be done?

 

2. This emails they are also sent to our clients too. Emails are sent to our clients as if they were ours, how can i report this?

 

Thanks

2 Replies
best response confirmed by CarlosMoralesMX (Contributor)
Solution

@CarlosMoralesMX Hi!

When it comes to reducing Phishing emails, I would recommend you to review your EOP configuration accordingly to Microsoft's Best practices configurations.
You can find guidelines for EOP Configurations here
I would also highly suggest that you have a look on the Defender for Office 365 function.
This will help you to detect bad links/attachments and also enables you to create anti-Phishing policies.
You can read more about Defender for Office 365 capabilities as Safe Links, Safe Attachments, Anti-Phishing policies here


Regarding the emails being sent to you clients, in your domain name. This is simply emails being spoofed, you can protect your clients from spoofing through anti-spoofing techniques as SPF/DKIM/DMARC.
Here is a good article about anti-spoofing capabilities

Thanks @Pontus Själander