Is there a way to check the DNS registration date when scanning emails on Office 365?

Quango

8/11/24, 2:52 PM

We've just caught an email spoofing attack on our business, and it's not the first like this. Bad actor registers a DNS name very similar to a company we work with and then sends messages purporting to be from that company (but the domain name is wrong) and users trust these and click the links (doh!).

If we had a way to check the date of a DNS registration when a message is received and flag as suspicious it would go a long way to preventing this.

Example: our supplier's domain is xxxx.com - it's been registered for many years. The bad actor registers xxxx.co and starts sending emails that look like it's ours. Users see something that looks convincing and trust the links.

Is there a service or scan that works with Office 365 that can perform this check?

1 + 5

spoofing

microsoft-office-365

office365

Greg Askew

8/11/24, 3:49 PM

It's off topic to request product recommendations. This issue requires an increase in the end user education and test spoofing budget anyway.

Quango

8/11/24, 6:48 PM

Thanks for the help - user education is always an issue and even experience users get caught. So ServerFault's no use then.. thanks

Davidw

8/12/24, 3:31 AM

While product/software recommendations are off topic for Server Fault, there is a Software Recommendations Stack Exchange site: https://softwarerecs.stackexchange.com/

Greg Askew

8/12/24, 11:30 AM

@Quango: this isn't about experience. It's about assessing and measuring the problem before the money is gone. Test phishing does this. Spending limited resources on edge cases that represent the "problem" as technology instead of people will not achieve the desired result.

Quango

8/15/24, 11:15 AM

Yeah @GregAskew this isn't an "edge case" it's happened several times to us alone in last 2 years. Hacker gets compromise on us or related organisation, reads someone's inbox. Finds payments being organised. Registers new spoof domain to look like the genuine one, sets up a 365 account and sends messages that *look* like they are genuine.

Score:0

Server

librhnylmz

8/11/24, 9:05 PM

I don't know that, which office365 plan do you use but Microsoft 365 Defender is work for you.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-mdo-impersonation-insight?view=o365-worldwide

+ 1

Quango

8/15/24, 11:16 AM

Thanks we are already investigating what capabilities this will add. We're also going to restrict our AAD tenant to known good countries

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is there a way to check the DNS registration date when scanning emails on Office 365?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.