Defender for Office 365 – Phishing Outlook or Teams (re-do)

Many AiTM scams usually begin with sending messages through platforms like Outlook or Teams, and these messages often contain a dangerous phishing link. To demonstrate how this works, I tested it using a completely new Google Gmail account and included a phishing link associated with AiTM.

The AiTM attempt was successfully flagged and identified with the threat type labeled as either “Phish” or “Spam.” This detection was made possible through URL detonation, an advanced filter that analyzes and examines the provided web link for potential threats, ensuring a higher level of security against phishing and spam attacks.

the spam attempt mail 🙂

When attempting to release content through Defender for Office, the release is hindered by Safe Links, which classifies the website as malicious. This means that the security measures in place, particularly Safe Links, are actively identifying the website you’re trying to release as potentially harmful or malicious, and as a result, it’s being blocked to protect your system from potential threats.

So, I tried using a completely new website address that I just registered today, November 28, 2023. I’ve never used it before. But guess what? The security stuff on my system is already calling it bad and marking it as potentially harmful. This means the system is doing a good job at spotting potential issues even with new website addresses that have never been used before.

So, Take a look at the Defender Security Analyzer to enhance your security policies and boost your secure score. Check to see if there are any potential safeguards that haven’t been put in place yet.