Microsoft’s Enhanced Anti-Phishing Policy

Microsoft's Enhanced Anti-Phishing Policy is part of an ongoing cybersecurity initiative to protect Dartmouth. The Enhanced Anti-Phishing Policy enables a number of new features to catch a broader variety of phishing e-mails and move them to a user's Junk folder.

Implementing the Enhanced Anti-Phishing Policy would make the following changes to the user’s experience:

  • Enables Mailbox Intelligence:  Customizes/enhances impersonation results for each user’s mailbox based on each user's individual sender map. This feature performs “fuzzy matching” on the sender to compare it against addresses that are frequently received/responded to.
  • Enables Action:  Places messages in the Junk folder.
  • Enables Safety tips:  When using a Microsoft mail client, provides the user with a visual indication that the message is coming from an email address that is not normally used by the sender.
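
The sender-map comparison described in the Mailbox Intelligence item above can be pictured with the following added example. It is an illustration written for this article, not Microsoft's algorithm or Dartmouth's configuration; the addresses, the `min_count` and `threshold` values, and the verdict names are assumptions.

```python
from collections import Counter
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed mail history for one mailbox: From headers of messages the
# user received or replied to (sample data, not real addresses).
HISTORY = [
    "Pat Lee <pat.lee@example.edu>",
    "Pat Lee <pat.lee@example.edu>",
    "Pat Lee <pat.lee@example.edu>",
    "Registrar <registrar@example.edu>",
    "Registrar <registrar@example.edu>",
    "Newsletter <news@lists.example.org>",
]

def build_sender_map(history, min_count=2):
    """Map address -> display name for contacts seen at least min_count times."""
    counts = Counter()
    names = {}
    for header in history:
        name, addr = parseaddr(header)
        addr = addr.lower()
        counts[addr] += 1
        names[addr] = name.lower()
    return {a: names[a] for a, c in counts.items() if c >= min_count}

def classify(from_header, sender_map, threshold=0.85):
    """Return (verdict, matched_contact) for an incoming From header."""
    name, addr = parseaddr(from_header)
    name, addr = name.lower(), addr.lower()
    if addr in sender_map:
        return ("known", addr)  # exact address of a frequent contact
    for known_addr, known_name in sender_map.items():
        addr_sim = SequenceMatcher(None, addr, known_addr).ratio()
        # Near-miss address, or a familiar display name on an unfamiliar address
        if addr_sim >= threshold or (name and name == known_name):
            return ("junk+safety_tip", known_addr)
    return ("unknown", None)
```

A sender the mailbox has never seen is only "unknown"; the junk action and Safety Tip apply when a message resembles a frequent contact without matching that contact's usual address.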
     

Benefits of the Enhanced Anti-Phishing Policy are:

  • The increased likelihood of marking phishing messages as junk so end users are less likely to fall for them.  This should in turn decrease the number of IT incidents, compromised credentials and/or devices, time spent on remediation, etc.
  • A “Safety Tips” visual indicator that improves the user’s ability to understand *why* an email that appears to come from a legitimate sender landed in the Junk folder, as opposed to a false positive (a legitimate message marked as junk). This addresses the issue where a message has already been delivered to the Junk folder, but the user opens it anyway and begins corresponding with a malicious sender, believing that the message has been miscategorized. The Safety Tip would look like this: [Image: Safety Tip example]


The Enhanced Anti-Phishing Policy may impact a user in the following ways:

  • End users may notice an increase in messages marked as junk and moved to their Junk E-Mail folder.
  • End users will begin to see Safety Tips appear in their MS Mail clients when there is important additional information.
     

What steps can a user take in response to the Enhanced Anti-Phishing Policy change?

  • If users see false positives, they can report the message as a false positive using the Report Message tool on the Home Ribbon in Outlook or OWA.
  • To address persistent issues, an ITC incident can be raised for escalation to Microsoft.

 

Details

Article ID: 72122
Created: Fri 2/15/19 1:21 PM
Modified: Mon 2/27/23 2:09 PM