Microsoft has extendend the phishing protection offered by Microsoft Defender for Office 365’s Safe Links feature to Microsoft Teams.
“At its core, Safe Links provides time-of-click verification of URLs. This process entails scanning URLs for potentially malicious content and again evaluating them when they are clicked on by a user,” Girish Chander, Microsoft’s Group Program Manager of Office 365 Security, explained.
Since the start of the COVID-19 pandemic, the number of users of enterprise collaboration tools like Zoom and Microsoft Teams has skyrocketed, fueled by the massive shift to remote work and companies’ need to keep in (video) touch with their employees
In March 2020, Microsoft Teams hit 44 million daily users. In April 2020, the number surpassed 75 million, and this wide pool of potential targets has not gone unnoticed by phishers.
In April 2021, Microsoft boasted about 145 million daily active Teams users. That’s a massive user base that needs to be protected, and Microsoft is stepping up to the plate.
Safe Links in Microsoft Teams
Earlier this year the company started a new Applications Bounty Program and has invited bug hunters to probe Microsoft Teams’s desktop clients for bugs. Last week, they expanded the program’s scope to include the mobile apps.
On Monday, the company announced that the Safe Links feature will now be available for Microsoft Teams – if the customers also use Microsoft Defender for Office 365.
Safe Links has been a critical feature in Defender for Office 365 since its introduction in 2015, Chander said, and Microsoft’s detonation systems “detect close to 2 million distinct URL-based payloads that attackers create to orchestrate credential phishing campaigns”.
He also explained that the choice to scan URLs at time of click is due to the fact that attackers have evolved their tactics and are now sending benign links from a redirection service that can be changed to point to a malicious site.
“At the time the email is received by your organization, the link appears to be harmless, and so the mail is delivered. With time of click inspection, however, Safe Links would have checked the link on delivery, and ensured that whenever the link is clicked it is redirected and inspected. If the link is malicious, the user is prevented from accessing the site, and if the link is harmless, the user is allowed to continue.”
Such links may also be sent via conversations, group chats, and channels in Microsoft Teams, as well as included in documents shared via those.
To use Safe Links, enterprise admins must configure a Safe Links policy in the Microsoft 365 Defender portal.