
Spam (confirmed) with Microsoft 365 senders

It seems an old problem recurs - we see "false positive" spam confirmed blocked E-Mails from MS 365 senders at our customers...

We see "spam confirmed" for some MS 365 mail server IPs:

40.107.4.116 or 40.107.22.101 or 40.107.3.125

If I check that with Cyren - it is green / no risk - also when I check different blacklists for these IPs

Maybe a corrupt pattern?

Seems this problem is back:

https://community.sophos.com/utm-firewall/f/mail-protection-smtp-pop3-antispam-and-antivirus/100082/spam-confirmed---problems-with-cyren-database-or-bad-pattern

Can anybody else confirm this?


Top Replies

  • Interestingly enough, Central Email does this already with the power of SophosLabs.

    So we are doing this and much more in the Central based approach, because there is one additional check you can do: it's the message itself and the content of the message.

    Sophos Labs, with the power of machine learning, is focusing on such matters a lot, because it is quite simple to create a spoofing email address within Outlook and simply spoof people all around the world. And as such, those emails are always "valid" to your checks. If you would start to rely on such checks alone, it could be easily avoided by using Microsoft's own infrastructure to spoof customers. Phishing nowadays has advanced in more detailed ways.

    Central Email uses FROM and envelope-FROM checks already to block and protect against spoofing, and enhances this with the classic protection like SPF, DMARC etc. Also features like the Delay Queue are already included, plus the known hosts. Since Central provides a single MX, we can use the information of all customers to enhance the methods of blocking / allowing in the email solution. The best part: this is done by SophosLabs and not the customer. As a customer, I do not want to get into this allow/blocking part and think about this kind of stuff. It should simply block the bad stuff and allow the good stuff - right?

    Sophos Labs does some magic to fight against the next generation of spoofing and phishing. See: https://ai.sophos.com/projects/phishing-detection/

    You can see this in a short demo on the same website: https://ai.sophos.com/demos/sophos-ai-catbert-phishing-detection-model-demo/

    Also there is a long DEF CON presentation about this: https://ai.sophos.com/presentations/def-con-28-ai-village-detecting-hand-crafted-social-engineering-emails-with-a-bleeding-edge-neural-language-model/

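The reply above mentions that Central Email compares the header FROM with the envelope-FROM to catch spoofing. As an added example (not Sophos code and not from the thread), the script below shows the core of that check in Python: it parses a message, pulls the domain from the `From:` header and from the `Return-Path:` header (the envelope sender as recorded by the receiving MTA), and reports whether the two align in DMARC's "strict" or "relaxed" sense. The sample messages are constructed, and the organizational-domain helper is a deliberate simplification (last two labels) where a real implementation would consult the Public Suffix List.

```python
# Added example: header-From vs envelope-From alignment check.
# Not Sophos Central code; sample messages below are constructed.
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: envelope sender and header From disagree.
# A mailbox provider's SPF check only sees the envelope domain, so
# the envelope may pass while the displayed From is spoofed.
SAMPLE_MISALIGNED = b"""Return-Path: <bounce@other-example.net>
From: "Finance" <cfo@customer-example.com>
To: <user@customer-example.com>
Subject: Invoice

see attachment
"""

# Constructed sample: both identifiers belong to the same domain.
SAMPLE_ALIGNED = b"""Return-Path: <bounce@customer-example.com>
From: "Finance" <cfo@customer-example.com>
To: <user@customer-example.com>
Subject: Invoice

see attachment
"""

# Constructed sample: envelope uses a subdomain of the header domain.
# Relaxed alignment accepts this; strict alignment does not.
SAMPLE_SUBDOMAIN = b"""Return-Path: <bounce@mail.customer-example.com>
From: "Finance" <cfo@customer-example.com>
To: <user@customer-example.com>
Subject: Invoice

see attachment
"""


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.

    Simplification (assumption): real DMARC relaxed alignment uses the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_domains(raw: bytes) -> tuple:
    """Return (header_from_domain, envelope_from_domain) for a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, header_addr = parseaddr(msg.get("From", ""))
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    header_domain = header_addr.rpartition("@")[2].lower()
    envelope_domain = envelope_addr.rpartition("@")[2].lower()
    return header_domain, envelope_domain


def check_alignment(raw: bytes, mode: str = "relaxed") -> dict:
    """Compare header From and envelope From the way DMARC identifier
    alignment does. 'strict' requires an exact domain match, 'relaxed'
    only requires the same organizational domain. A message with no
    usable header-From domain is never considered aligned.
    """
    header_domain, envelope_domain = sender_domains(raw)
    if not header_domain or not envelope_domain:
        aligned = False
    elif mode == "strict":
        aligned = header_domain == envelope_domain
    else:
        aligned = org_domain(header_domain) == org_domain(envelope_domain)
    return {
        "header_from": header_domain,
        "envelope_from": envelope_domain,
        "mode": mode,
        "aligned": aligned,
    }


if __name__ == "__main__":
    for name, sample in (("misaligned", SAMPLE_MISALIGNED),
                         ("aligned", SAMPLE_ALIGNED),
                         ("subdomain", SAMPLE_SUBDOMAIN)):
        for mode in ("relaxed", "strict"):
            print(name, check_alignment(sample, mode))
```

On its own this check only flags a mismatch between the two sender identities; as the reply notes, an attacker can make both identifiers consistent, so it is one signal to combine with SPF, DKIM, DMARC and content analysis rather than a verdict by itself.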