Email Security Blog

Office 365 Doesn't Give Phishing Email Notifications Without INKY

The University of Iowa email system handles more than 2.5 million incoming email messages every day. Nearly 70 percent of them are spam, scams, or phishing emails. The amount of deceptive and dangerous email that is sent daily to organizations is staggering.

While spam might be merely annoying, phishing emails are dangerous. More than 90% of cyber-attacks begin with a phishing email.

Is Office 365 Providing Phishing Alerts?

Office 365’s basic protection is called EOP (Exchange Online Protection). EOP helps guard against spam and malware. If you are running Microsoft 365 Enterprise or Microsoft 365 Business and you have a subscription, Advanced Threat Protection (ATP) is included. If you are running other versions, you may need to add Microsoft’s advanced threat protection as an add-on. 

Even with this monthly upcharge for the add-on, however, you are still not fully protected from phishing attempts.

The Limitations of Office 365 EOP, ATP, And Safe Links

Microsoft ATP runs incoming email through filters to screen for junk mail. It compares email addresses against a list of known threat actors. If an email contains a link, Safe Links runs a check on links to see if they match URLs you have blocked, or they are on a list of known bad sites. If the email address or website is not on the list of problem places, the email might go through without any phishing email notification. Since it’s so easy to create new email addresses and URLs, by the time they make the list of threat actors, the bad guys have moved on to new ones.

In addition, some attackers have learned to recognize when Safe Links is checking on a link. Instead of allowing Safe Links to check the URL, it redirects to a page that will clear the filters but then redirects users to the malicious URL when they receive the email.

Here’s another limitation: you can define which email addresses are covered by ATP in Office 365, but you are limited to protecting 60 total internal and external addresses when it comes to impersonation attempts. If your organization is larger than that, you are out of luck.

Relying on Outlook Banner Warnings

You can configure Outlook to display a message letting users know the email came from an external address. While it does flag incoming emails, it also creates its own set of annoyances for users:

  1. Over time, people ignore the messages since they happen so frequently
  2. The message itself can cause formatting errors because of the extra header information
  3. You may not be able to see any part of the message in the Outlook reading pane. That means you will actually have to open a malicious email to see its contents.
  4. Prepend warning banner paths can also flag users, but a back-and-forth exchange can place the same External Warning at the front of every interaction. In the exchange, the warning will be duplicated every time and added on to the front obscuring the actual title.

INKY Looks at Things Differently

INKY’s anti-phishing software solution works differently than Office 365.

INKY goes beyond just comparing URLs and links to a list of known threats. By employing machine learning, artificial intelligence, and computer vision techniques, INKY inspects every element in the email. INKY has been trained to view emails the way you do. It recognizes brands, logos, and colors and can identify even pixel-level details.

INKY Inspects Every Element

If email is determined to be malicious, it will be quarantined. If it’s suspicious or unusual, INKY will mark it with prominent phishing alerts and tells users what triggered the warning.

Instead of using text messages that are easy to ignore, INKY used bold visual cues that jump out at users. These messages are inserted right into the body of the email without obscuring the message in the preview pane. These work on desktop and mobile platforms.

If users still decide to click or respond to an email with a phishing email notification, they will get a second – more direct – warning that includes the likely outcome of continuing. These active, targeted, warnings are incorporated into every email.

Protection Beyond Bad Links And Malware

Mail protection solutions are built to identify bad links or malware attachments, but they do not excel at preventing phishing attacks. INKY identifies more phishing threats than any other anti-phishing software.  This gives INKY the unique ability to catch so-called “zero-day” phishing attacks that haven’t been reported previously. 

INKY can also stop clever forgeries that sneak by other anti-phishing software – even when they come from G Suite or Office 365.  No other solution can do that.

Free Email Security Analysis

How confident are you that your systems are protected from threat actors?  Are phishing emails able to slip through your filters? Are you getting Office 365 phishing email notifications that your users won’t ignore? 

Get a free email threat analysis to test your systems and find out. This isn’t just a spot check either. We will analyze every email over two weeks using our proprietary machine learning, AI, and computer vision to determine your threat level.

This no-obligation free email security analysis can show you where you are vulnerable and what you need to do to protect your organization.

Topics: