The ongoing coronavirus outbreak is leading to a rise of phishing attacks, Microsoft warns.
Criminal groups have various ways to attack vulnerable people, including malware, but Microsoft emphasized today that “91 percent of all cyberattacks start with email.”
Fortunately, Microsoft has built a robust defense system to block malicious emails with Outlook.com, Office 365, Microsoft Exchange, and Microsoft Defender all working in tandem. The company also uses machine learning, heuristics, and anomaly analyzers to detect malicious behaviours in your emails.
However, technology alone can never be 100% foolproof, and it’s important for consumers to install the latest security updates and use an anti-malware service, such as Microsoft’s free Defender antivirus. Microsoft also recommends using multi-factor authentication (MFA) on all of your accounts, and Microsoft’s excellent Authenticator app is here to help.
While Microsoft has built solid automated tools to identify online threats, it’s still important for users to educate themselves: bad spelling and grammar, suspicious links, and unexpected attachments should always raise a red flag.
Here are some recommendations from Microsoft’s security site.
Make sure your devices have the latest security updates installed and an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through Settings. Turn on cloud-delivered protection and automatic sample submission to enable artificial intelligence (AI) and machine learning to quickly identify and stop new and unknown threats.
Enable the protection features of your email service. If you have Office 365, you can learn about Exchange Online Protection here and Office 365 ATP here.
Use multi-factor authentication (MFA) on all your accounts. Most online services now provide a way to use your mobile device or other methods to protect your accounts in this way. Here’s information on how to use Microsoft Authenticator and other guidance on this approach.
MFA support is available as part of the Azure Active Directory (Azure AD) Free offering. Learn more here.
Educate yourself, friends, and colleagues on how to recognize phishing attempts and report suspected encounters. Here are some of the tell-tale signs.
- Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message is fraught with errors, it is likely to be a scam.
- Suspicious links. If you suspect that an email message is a scam, do not click on any links. One method of testing the legitimacy of a link is to rest your mouse—but not click—over the link to see if the address matches what was typed in the message. In the following example, resting the mouse on the link reveals the real web address in the box with the yellow background. Note that the string of IP address numbers looks nothing like the company’s web address.
- Suspicious attachments. If you receive an email with an attachment from someone you don’t know, or an email from someone you do know but with an attachment you weren’t expecting, it may be a phishing attempt, so we recommend you do not open any attachments until you have verified their authenticity. Attackers use multiple techniques to try and trick recipients into trusting that an attached file is legitimate.
  - Do not trust the icon of the attachment.
  - Be wary of multiple file extensions, such as “pdf.exe” or “rar.exe” or “txt.hta”.
  - If in doubt, contact the person who sent you the message and ask them to confirm that the email and attachment are legitimate.
- Threats. These types of emails cause a sense of panic or pressure to get you to respond quickly. For example, they may include a statement like “You must respond by end of day,” or say that you might face financial penalties if you don’t respond.
- Spoofing. Spoofing emails appear to be connected to legitimate websites or companies but take you to phony scam sites or display legitimate-looking pop-up windows.
- Altered web addresses. A form of spoofing in which web addresses closely resemble the names of well-known companies but are slightly altered; for example, “www.micorsoft.com” or “www.mircosoft.com”.
- Incorrect salutation of your name.
- Mismatches. The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.
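Several of the signs above (a link whose visible text names one site while its address points to another, an IP address where a company name should be, a lookalike domain such as “micorsoft.com”, and a file name with a second extension like “pdf.exe”) can be checked mechanically before a person ever hovers over a link. The script below is an added example, not code from the article or from Microsoft: it parses the anchors out of a constructed HTML message, compares each link’s visible text with its real host, measures how close the host is to a small constructed list of brand domains (the list and the distance threshold are assumptions), and flags attachment names whose final extension is executable. Domain comparison uses the last two labels only, a simplification that has no public-suffix list.

```python
"""Heuristic checks for common phishing signs in an email body and attachment names."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of brand domains to compare against (assumption, not from the article).
KNOWN_BRAND_DOMAINS = ("microsoft.com", "office.com", "outlook.com")
# "exe" and "hta" are the article's examples; the other types are added here as an assumption.
EXECUTABLE_EXTENSIONS = {"exe", "hta", "scr", "js", "vbs", "bat", "cmd"}

_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
_BARE_HOST = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Crude brand part of a host: the last two labels; IP literals are returned unchanged."""
    if _IPV4.fullmatch(host):
        return host
    return ".".join(host.lower().split(".")[-2:])


def host_from_text(text):
    """Return the host a link's visible text claims to point at, or None if it is not URL-like."""
    text = text.strip()
    if text.lower().startswith(("http://", "https://")):
        return (urlparse(text).hostname or "").lower() or None
    if _BARE_HOST.fullmatch(text):
        return text.lower()
    return None


def lookalike_of(domain, known=KNOWN_BRAND_DOMAINS, max_distance=2):
    """Return the brand domain that `domain` nearly (but not exactly) matches, else None."""
    if domain in known:
        return None
    for brand in known:
        if 1 <= levenshtein(domain, brand) <= max_distance:
            return brand
    return None


def check_link(href, text):
    """Apply the IP-literal, text/href mismatch and lookalike checks to one anchor."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return findings
    if _IPV4.fullmatch(host):
        findings.append(("ip_literal_link", host))
    claimed = host_from_text(text)
    if claimed and registrable_domain(claimed) != registrable_domain(host):
        findings.append(("text_href_mismatch", f"{claimed} -> {host}"))
    brand = lookalike_of(registrable_domain(host))
    if brand:
        findings.append(("lookalike_domain", f"{registrable_domain(host)} ~ {brand}"))
    return findings


def check_attachment(filename):
    """Flag executable file types, distinguishing disguised double extensions."""
    parts = filename.lower().split(".")
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTENSIONS:
        kind = "double_extension" if len(parts) >= 3 else "executable_attachment"
        return (kind, filename)
    return None


def analyze_email(html_body, attachment_names):
    """Return a list of (finding_kind, detail) tuples for a message."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.anchors:
        findings.extend(check_link(href, text))
    for name in attachment_names:
        finding = check_attachment(name)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample message; 198.51.100.23 is a documentation-range address.
SAMPLE_HTML = """
<p>Dear Customer,</p>
<p>You must respond by end of day. <a href="http://198.51.100.23/login">https://www.microsoft.com/account</a></p>
<p>Or visit <a href="http://www.micorsoft.com/verify">our secure portal</a>.</p>
<p>Questions? <a href="https://support.microsoft.com/help">support.microsoft.com</a></p>
"""
SAMPLE_ATTACHMENTS = ["invoice.pdf.exe", "report.pdf"]

if __name__ == "__main__":
    for kind, detail in analyze_email(SAMPLE_HTML, SAMPLE_ATTACHMENTS):
        print(f"{kind}: {detail}")
```

On the constructed sample the first link is flagged twice (IP literal, and text claiming microsoft.com while pointing elsewhere), the second as a lookalike two edits away from microsoft.com, and the legitimate support link produces nothing; the attachment “invoice.pdf.exe” is reported as a double extension. A mail gateway would treat these as signals to weigh alongside sender reputation and authentication results rather than as a verdict on their own.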
If you think you’ve received a phishing email or followed a link in an email that has taken you to a suspicious website, there are a few ways to report what you’ve found.
If you think the mail you’ve received is suspicious:
- Outlook.com. If you receive a suspicious email message that asks for personal information, select the checkbox next to the message in your Outlook inbox. Select the arrow next to Junk, and then point to Phishing scam.
- Microsoft Office Outlook 2016 and 2019 and Microsoft Office 365. While in the suspicious message, select Report message in the Protection tab on the ribbon, and then select Phishing.
You can learn more about Microsoft’s recommendations on the company’s Security blog.