Recently there have been tons of malware emails detected by our smart setting on Office 365. Imagine if we do not have this in place, our colleague would have opened it, and it will be a disaster or, worst beyond it, spread to other organisations.
First let me explain what kind of email attachments is dangerous:
- .exe (executable)
- .docm (macro-enabled document file )
- .wsf (windows script file)
These are the common file type that disguises themselves as email attachments to you or your colleague. If they are not aware, they will click to open it and compromise their machine.
Malicious email attachments are usually transmitted in two different forms: as an attachment or embedded within the body of a message. They are sent through phishing attacks, email spoofing, compromised websites, social engineering techniques, virus-infected media, emails with malicious links etc...
However, the content of emails containing malicious attachments or links to malware is usually well written in a way that will convince you it is from a reputable company, from someone you know from within your organisation, partner office etc...
Now I will show you how our smart setting on Office 365 scans all incoming emails, finds out what is suspicious, and asks the user to take action.
Note: This setting is not enabled by default, so you need to contact your IT Admin or Microsoft Office 365 Admin Team to enable it for your organisation... If you do not have any IT admin or IT staff, you can always look for us at Supercharge Interactive to help you with this.
- First login to Office 365 portal with your admin credentials and go to the Exchange...
- Under Protection, click on Threat Management...
- Follow by Policy... Anti-malware...
- Double click on the Default to open up the setting window, choose Settings below general on the left. Go to Common Attachment Types Filters and click On - Email with attachments of filtered files types will trigger the Malware Detection Response.
- Next, scroll down to Administrator Notifications, check the Notify administrator about the undelivered messages from internal senders and Notify administrator about undelivered messages from external senders. Enter the email address where you want the notification email to be received.
- To simplify: This means if there is an outgoing email or incoming email containing malware, MO365 Threat Management will be triggered and notify the email.
What to do if you get the email notification email?
First of all, do not click links in those notification emails (usually, there is no link). The incoming email with malware that could compromise your email or whole organisation email will be removed by MO365 Threat Management. So you don't need to do anything but inform the IT staff or someone who is maintaining your MO365 account.
This is more worrying for outgoing emails with malware detected because the computer or device might have been compromised. You might need to do a lot of scanning work, recovery work and notify others if, by any chance, the malware has penetrated further than email. Also, you might need to emphasise more knowledge to the staff or colleagues about these file types.
Thank you for spending our time reading, and I hope it helps you. If it doesn't, please feel free to contact us at Supercharge Interactive or visit our website www.supercharge.business. We would love to assist you with such services.