Microsoft 365 steps up the fight against scam emails
CYBER experts have made it easier than ever for UK employees to join the fight back against email scams targeting their organisation.
In its latest bid to protect the UK from phishing scams, the National Cyber Security Centre (NCSC), a part of GCHQ, has today published guidance for IT administrators on a new reporting tool that can be added to their organisation’s Microsoft Office 365 accounts.
By clicking the new button, employees will report potential scams directly to the NCSC’s Suspicious Email Reporting Service (SERS) as well as their organisation’s IT team. The automated NCSC service will process emails and take down previously unseen malicious content where found.
Since its launch in April 2020, the Suspicious Email Reporting Service has received over 6,500,000 reports from the public – resulting in the removal of more than 97,000 scam URLs. This July, it took just four hours on average to remove malicious URLs in phishing emails reported to the SERS.
Organisational filtering systems block most phishing attacks before they reach staff inboxes, but cyber criminals are innovative and some scam emails can bypass defences in place.
Typical phishing URLs identified by NCSC experts that target organisations in particular include:
- Malware: Employees will be tricked into downloading malware onto their work computer. They could unwittingly download malware from a scam URL emailed to them that appears to be operated by IT support.
- Clone login pages: Employees can unwittingly enter personal details into fake, but legitimate appearing, login page URLs sent via email.
- Enterprise software spoofs: Emails containing fake alerts from popular pieces of workplace software, such as Microsoft Teams, direct targeted employees to a legitimate appearing URL which harvest personal details.
The NCSC is taking unprecedented action to remove malicious scams from the internet as part of its Active Cyber Defence programme.
Working in partnership with the City of London Police, the NCSC is committed to protecting organisations from cyber-crime, which cost over £5 million in the last 13 months.
Where organisations cannot install the button, employees are still be encouraged to forward or attach scam emails to send to email@example.com.