It’s clear the changes Microsoft made to combat phishing attacks earlier this year have worked. Before then, from November 2017 to January 2018, the company had a poor record. During that timeframe, Office 365 was missing too many phish emails compared to rivals. Debraj Ghosh, Senior Product Marketing Manager for Microsoft, says the change is a result of hard work: “[It] is the culmination of the incredible focus, drive, and expertise of Microsoft researchers and engineers working together to push the boundaries of threat research, machine learning, and development of algorithms that together provide customers the most impressive and effective protection against phish emails available for Office 365 today.”
Microsoft has poured funds and resources into cybersecurity. Indeed, the company has 3,500 dedicated security professionals and spends around $1 billion each year on security. Still, it was only recently Redmond achieved success against phishing attacks on Officer 365.
Catching Phish
Ghosh says the security team focused on four categories: domain spoof, content detonation, compromised accounts, and impersonation. Microsoft was able to create several anti-phishing tools through advanced machine learning models and other enhancements. In the summer, the company added a Threat Tracker tool to Office 365 Threat Intelligence. The service delivers security tracking tools. For example, users can get insights into phishing and malware threats. Microsoft says its various tactics to combat phishing in Office 365 are better than any alternative on the market. This year, the suite has blocked 5 billion phish emails and protected 7 billion URL clocks through Safe Links. Office 365 has also detonated 11 billion items through sandboxing.