0

We've just caught an email spoofing attack on our business, and it's not the first like this. Bad actor registers a DNS name very similar to a company we work with and then sends messages purporting to be from that company (but the domain name is wrong) and users trust these and click the links (doh!).

If we had a way to check the date of a DNS registration when a message is received and flag as suspicious it would go a long way to preventing this.

Example: our supplier's domain is xxxx.com - it's been registered for many years. The bad actor registers xxxx.co and starts sending emails that look like it's ours. Users see something that looks convincing and trust the links.

Is there a service or scan that works with Office 365 that can perform this check?

Quango
  • 229
  • 1
  • 4
  • 17
  • It's off topic to request product recommendations. This issue requires an increase in the end user education and test spoofing budget anyway. – Greg Askew Aug 11 '23 at 15:49
  • Thanks for the help - user education is always an issue and even experience users get caught. So ServerFault's no use then.. thanks – Quango Aug 11 '23 at 18:48
  • 1
    While product/software recommendations are off topic for Server Fault, there is a Software Recommendations Stack Exchange site: https://softwarerecs.stackexchange.com/ – Davidw Aug 12 '23 at 03:31
  • @Quango: this isn't about experience. It's about assessing and measuring the problem before the money is gone. Test phishing does this. Spending limited resources on edge cases that represent the "problem" as technology instead of people will not achieve the desired result. – Greg Askew Aug 12 '23 at 11:30
  • Yeah @GregAskew this isn't an "edge case" it's happened several times to us alone in last 2 years. Hacker gets compromise on us or related organisation, reads someone's inbox. Finds payments being organised. Registers new spoof domain to look like the genuine one, sets up a 365 account and sends messages that *look* like they are genuine. – Quango Aug 15 '23 at 11:15

1 Answers1

0

I don't know that, which office365 plan do you use but Microsoft 365 Defender is work for you.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-mdo-impersonation-insight?view=o365-worldwide

librhnylmz
  • 91
  • 3
  • Thanks we are already investigating what capabilities this will add. We're also going to restrict our AAD tenant to known good countries – Quango Aug 15 '23 at 11:16