Microsoft has revealed an investigation of a large-scale phishing-as-a-service operation.- These service providers enable attacks on users by selling
phishing kits to its customers. - Microsoft recommends some practices to
counter phishing attacks .
In a $4t by Microsoft 365 $4 Threat Intelligence Team, the company explains how
Like any service provider, phishing operators who work with interchangeable aliases like Anthrax, BulletProftLink offers its customers ready-to-use phishing kits for single payment. It also offers a host of services like a software-based service provider like template creation, website creation and hosting, and overall organisation of the phishing scam.
Many of these service providers offer their customers fully undetectable links that claim to remain viable until the users click on it. The templates that are sold avoid detection while phishing for credentials, such as$4.
Microsoft claims that Defender for Office 365 protects its customers from phishing attacks such as those enabled by BulletProofLink.
How to counter phishing attacks:
- Enable multi factor authentication and blocking sign-in attempts from legacy authentication.
- Use anti-phishing policies to enable mailbox intelligence settings.
- Configure impersonation protection settings for specific messages and sender domains.
- Enable SafeLink in Defender for Office 365 to ensure real-time protection by scanning at the time of delivery and at the time of click.
$4
$4
$4