By IT Support Team on Monday, 07 June 2021
Category: Insights

How Microsoft 365 Can Keep Your Users Safe from Phishing

Microsoft 365, which encapsulates Office 365, is incredibly popular – and one of its most commonly used components is Exchange Online and Outlook – Microsoft’s online email server and desktop and mobile email client, respectively.

When it comes to email, security is a big concern – with one particular email security topic increasingly making the headlines. We’re talking about phishing, a frustratingly effective e-mail attack that’s experienced by 86% of businesses, according to the 2020 UK Cyber Security Breaches Survey.

In this article, we will outline what a phishing attack is – and explain how Microsoft 365 and its component email services can help protect your company against phishing attacks.

What exactly is a phishing attack?

Terms for cybersecurity attacks are often used quite liberally, and not always with a full understanding of exactly what they mean, so we’ll quickly explain exactly what a phishing attack is.

First, phishing is almost always carried out in spam-like, bulk fashion – even though highly targeted phishing does occur. In essence, phishing depends on disguise: disguising the true sender, and disguising the true destination.


Phishing is intended to fool recipients into clicking on a link or downloading a malicious attachment. The name comes from “fish”: the attacker is fishing, hoping that a vulnerable recipient will “bite”.

Broadly, attackers have one of two goals in mind. The first is simply for the victim to download malware – be it spyware, or something else. More commonly, phishing attacks are carried out because the attacker is hoping to collect sensitive information such as credit card data.

How Microsoft 365 protects you against phishing attacks

Some phishing emails are poor efforts and can be easily spotted, but others look very close to the real thing, and humans can find these quite hard to detect without close scrutiny.

However, the technical characteristics of these emails can be giveaways. Office 365’s Exchange Online has a number of tools for detecting these characteristics and either blocking emails or warning users. These tools include:

In combination, the above Office 365 features can detect and mitigate most of the more common phishing attacks, delivering an essential layer of protection.

Always educate your users about phishing emails

While Office 365’s anti-phishing tools are terrific at catching many of the automated phishing attempts, the most sophisticated and targeted attempts may still get past Office 365 – and into your users’ inboxes.

User education is therefore critical – and it is not easy given how authentic some of these emails can appear. The most determined attackers may even craft unique, targeted, one-off messages to try and fool operational and senior staff.

The first step is to get your staff to care about and be aware of phishing attempts. Next, ensure that your colleagues know the basics – for example, that a “from” address can easily be faked and that the URL behind a link should be closely scrutinized.

Also, impress on your co-workers that attacks are becoming more and more targeted and personal. Essentially, if there is any doubt, the best way to verify a message is via live chat or a phone call.

Not yet migrated to Office 365? Unsure how to educate your users about the threats of phishing? Your IT support partner is there to help.
