Microsoft has extended Microsoft Defender’s phishing protection for Office 365’s Safe Links feature to Microsoft Teams.
“At its core, Safe Links provides click-time verification of URLs. This process involves scanning URLs for potentially malicious content and reevaluating them when clicked by a user,” explains Girish Chander, Microsoft’s Group Program Manager of Office 365 Security.
Since the start of the COVID-19 pandemic, the number of users of business collaboration tools such as Zoom and Microsoft Teams has skyrocketed, fueled by the massive shift to remote working and the need for companies to keep (video) in touch with their employees.
In March 2020, Microsoft Teams reached 44 million daily users. By April 2020, the number crossed 75 million, and this broad pool of potential targets has not gone unnoticed by phishers.
In April 2021, Microsoft had approximately 145 million daily active Teams users. That’s a huge user base to protect, and Microsoft is stepping up to the plate.
Safe Links phishing protection in Microsoft Teams
Earlier this year, the company launched a new Applications Bounty Program and invited bug hunters to investigate Microsoft Teams desktop clients for bugs. Last week, they expanded the scope of the program to include the mobile apps.
On Monday, the company announced that the Safe Links feature will now be available for Microsoft Teams – if customers also use Microsoft Defender for Office 365.
Safe Links has been a critical feature in Defender for Office 365 since its introduction in 2015, Chander said, and Microsoft’s blast systems “detect nearly 2 million different URL-based payloads that attackers create to orchestrate phishing campaigns with credentials.”
He also explained that the choice to scan URLs at the time of click is due to the fact that attackers have developed their tactics and are now sending benign links from a redirection service that can be changed to point to a malicious site.
“The moment the email is received by your organization, the link appears to be harmless and so the email is delivered. However, after the click inspection, Safe Links would have checked the link on delivery and made sure that when the link is clicked, it is forwarded and inspected. If the link is malicious, the user will not be able to access the site, and if the link is harmless, the user may continue.”
Such links can also be sent through conversations, group chats, and channels in Microsoft Teams, and can also be included in documents shared through them.
Microsoft demonstrates how Safe Links work in the video below. Safe Links has already spotted nearly 2 million different URL-based payloads that cybercriminals create to organize phishing activity with credentials, according to Microsoft.
To use Safe Links, company administrators must configure a Safe Links policy in the Microsoft 365 Defender portal.
Source: helpnet security