Office365 Spam Filtering

What is spam mail?

Spam email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender.

What is a spam filter and why should I use it?

A spam filter is a program that is used to detect unsolicited and unwanted email and prevent those messages from getting to a user's inbox. Like other types of filtering programs, spam filtering is an important tool that your company should use to help keep these unwanted messages from entering your inboxes, and to keep people from clicking on potentially harmful emails. According to studies, more than half of the emails that you get are actually classified as junk or spam.

Are you concerned about too much spam in Office 365?

Office 365 has many benefits, so it is no surprise that it is proving so popular with businesses, but one common complaint is the number of spam and malicious emails that sneak past Microsoft's defences. If you have a problem with spam and phishing emails, there is an easy solution to improve the Office 365 spam filter. In order to help prevent spam in Office 365, you may want to change a protection setting to deal with a specific issue in your organization (say you're receiving a lot of spam from a particular sender, for example) or simply fine-tune your settings so that they're tailored to best meet the needs of your organization. To do this, you can change anti-spam settings in the Office 365 Security & Compliance Centre.

Office 365 checks for message characteristics consistent with spam by using spam filtering. You can change what actions to take on messages identified as spam, and choose whether to filter messages written in specific languages, or sent from specific countries or regions. You can also turn on advanced spam filtering options if you want to pursue an aggressive approach to spam filtering. Additionally, you can configure end-user spam notifications to inform users when messages intended for them were sent to the quarantine instead. (Sending messages to the quarantine is one of the configurable actions.)
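The same settings can be reviewed and changed from Exchange Online PowerShell. The script below is an added example, not part of the original article: it shows the current values of the policy next to the intended ones and then previews the change with `-WhatIf`. The policy name, the blocked sender address and the empty language and region lists are assumptions to replace with your own values.

```powershell
# Added example: review and tighten an Exchange Online anti-spam policy.
# Requires the ExchangeOnlineManagement module and an administrator sign-in.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$policyName       = 'Default'                 # assumption: the built-in policy
$blockedSenders   = @('spammer@example.com')  # constructed sample address
$blockedLanguages = @()                       # ISO 639-1 codes, left empty here
$blockedRegions   = @()                       # ISO 3166-1 codes, left empty here

# Intended settings: quarantine spam instead of delivering it, block one
# sender, and turn on one advanced option (treat SPF hard fails as spam).
$desired = @{
    SpamAction                  = 'Quarantine'
    HighConfidenceSpamAction    = 'Quarantine'
    BlockedSenders              = $blockedSenders
    MarkAsSpamSpfRecordHardFail = 'On'
}

# Language and region filters are only added when a list was supplied,
# so an empty list never switches filtering on by accident.
if ($blockedLanguages.Count -gt 0) {
    $desired.EnableLanguageBlockList = $true
    $desired.LanguageBlockList       = $blockedLanguages
}
if ($blockedRegions.Count -gt 0) {
    $desired.EnableRegionBlockList = $true
    $desired.RegionBlockList       = $blockedRegions
}

# Show current and intended values side by side before touching anything.
$current = Get-HostedContentFilterPolicy -Identity $policyName
$desired.Keys | Sort-Object | ForEach-Object {
    [pscustomobject]@{
        Setting = $_
        Current = ($current.$_ -join ',')
        Desired = ($desired[$_] -join ',')
    }
} | Format-Table -AutoSize

# Preview the change; remove -WhatIf to apply it.
Set-HostedContentFilterPolicy -Identity $policyName @desired -WhatIf
```

Run it with `-WhatIf` in place first and check the table, since quarantining spam changes where users have to look for messages that were filtered by mistake.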

Email address spoofing

Have you ever received an email from an address you trust but it contains a virus or links to phishing websites? Email spoofing (a nice name for forging) is fairly easy to do and many cyber criminals do it in order to trick you into giving away valuable information or even worse. By spoofing a trusted email account (it could even be one used by your company) the chances that you click on one of the links or open up the attachment are higher than if the email came from someone you didn't know.

So how do you protect yourself against email spoofing? The first step is to never trust any email that comes in. Always treat emails with suspicion, and if you are unsure about an email from a trusted source, then phone the sender. Avoid clicking links in emails, only open attachments from people you trust (verify with them that they sent the email if need be), and always have a good up-to-date antivirus on your computer. Vigilance is the best defence when combating cyber criminals.

Criminals using your servers to make money

If you thought ransomware was the worst thing to happen to your servers, think again. Your server can now be hijacked and used as part of a botnet to mine cryptocurrencies. This horror story scenario is exactly what is happening with the Smominru botnet, which has infected more than half a million servers around the world. These hijacked servers have been used to mine the cryptocurrency Monero, and since the botnet first appeared in May 2017 it is estimated that the botnet has mined 8,900 Monero tokens. At current exchange rates Monero is valued at $323.55, which brings the total amount of money made to $2.8 million (R32.7 million).

The botnet used an exploit developed for the US National Security Agency called EternalBlue. The exploit, which affects Windows machines, was leaked last year. This is not the first time EternalBlue has been used to compromise systems. In May 2017 it was used in conjunction with another exploit (also from the NSA) called DoublePulsar to spread the WannaCry ransomware, which infected the UK NHS systems. So far attempts to bring down the botnet have failed due to its resilience, and due to the anonymous nature of the Monero blockchain it is impossible to see who the money is going to.

Servers are the ideal target for such attacks because they are always on and are far more powerful than the average home computer. The downside for the owners of these servers is the increased power consumption and heat generated, which can have the further negative impact of reducing the lifespan of the components inside the server.

So what can you do to protect yourself or reduce the impact if you do get infected? Well, the first step is to always have an up-to-date antivirus. IT Windows recommends ESET Endpoint Antivirus for all our business clients (ESET Endpoint Security for the road warriors), and one of the various ESET server products to protect servers. It is also important to ensure that Windows machines are kept up-to-date with the latest patches, especially zero-day patches, since the vulnerability exploited was patched last year. Our technicians check our clients' servers on a regular basis to ensure that they are running well. Such routine checks ensure that we can spot when a server is not behaving properly and then investigate the cause.