The most obvious preventative measure you can take is user education. Training your users to spot bogus emails and to check links before clicking them may seem obvious, but it is the single biggest preventative measure available to you. Had the users in our example been aware of these kinds of scams and properly trained to watch out for them, the attack could have been prevented in the first place. That is not to say there aren't technical measures we can put in place as well, both to help users identify scams and to block some of them from getting in at all.
There are hundreds of things you can do within Exchange Online to help prevent threats. For this post we will stick with our example and consider how we could have helped the user.
If the user had been able to see clearly that the email was not from their boss, and had been warned that it came from outside the organization, they would have been much less likely to click the link or hand over their details so freely. We can warn users about these sorts of emails using transport rules (mail flow rules): create a rule that prepends a banner to all mail originating outside the organization, flagging to users that they should be cautious of the content. That banner will hopefully make them think twice before clicking any links or entering credentials.
See below an example of such a rule within Exchange, and how the user would see the banner should the rule be triggered:
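As an added worked example (not taken from the original post or from Microsoft's documentation), here is the same external-sender banner rule created with the ExchangeOnlineManagement PowerShell module rather than through the admin center. The rule name, priority, banner wording, hidden marker string and admin UPN are all illustrative choices; the cmdlet and parameter names are the standard ones for New-TransportRule.

```powershell
# Added example (not from the original post): an Exchange Online mail flow
# (transport) rule that prepends a warning banner to every message that
# originates outside the organisation. Requires the ExchangeOnlineManagement
# module and an account with Exchange admin rights. The rule name, banner
# text, marker string and priority are illustrative, not prescribed values.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com   # assumed admin UPN

# Banner the recipient sees at the top of the message body. The hidden marker
# string lets the rule's exception detect a banner that is already present,
# so a long reply chain with an external party does not accumulate one
# banner per hop (which trains users to ignore it).
$marker = 'EXTERNAL-SENDER-BANNER-v1'
$banner = @"
<div style="border:1px solid #9C6500;background-color:#FFEB9C;padding:6px;font-family:sans-serif;font-size:12px">
  <b>CAUTION:</b> This email originated from outside the organisation.
  Do not click links or open attachments unless you recognise the sender and
  know the content is safe. If it claims to be from a colleague or your manager,
  verify with them by phone or Teams before acting on it.
  <span style="display:none">$marker</span>
</div>
"@

New-TransportRule -Name 'External sender warning banner' `
    -Priority 0 `
    -Mode Enforce `
    -FromScope NotInOrganization `
    -SentToScope InOrganization `
    -ExceptIfSubjectOrBodyContainsWords $marker `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText $banner `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -Comments 'Flags mail from outside the tenant so users treat links and credential requests with suspicion.'

# Confirm the rule exists, is enabled, and has the scope we intended.
Get-TransportRule -Identity 'External sender warning banner' |
    Format-List Name, State, Priority, FromScope, SentToScope, ApplyHtmlDisclaimerLocation
```

Two caveats worth keeping in mind when you deploy something like this. First, the banner is a cue, not a control: it only fires on mail that enters from outside, so a phish sent from an already-compromised internal mailbox will arrive with no warning at all, which is exactly why the user training in the first paragraph still matters. Second, start the rule in `-Mode Audit` for a few days and check the rule hits before switching to `Enforce`, so you can add exceptions for any high-volume trusted senders and avoid the banner becoming wallpaper that users stop reading.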
This is just one of many measures you can take, but it's a handy example you could take away and implement on your Exchange tenant today. Ultimately, you need to create a security strategy using the four principles outlined in these blog posts about phishing.