FBI: Existing Cloud Email Protection Inadequate Against Phishing, Ransomware
- by Brittany Day

More organizations than ever are migrating to cloud-based email - especially with many employees being asked to work from home in the midst of the current pandemic - and threat actors are keeping pace, directing more attacks than ever at Microsoft 365 and Google Workspace users than ever before. Guardian Digital has identified and blocked more malicious emails targeting Microsoft 365 users in March of 2020 than in any other month since the company’s inception in 1999.
Although the threat that BEC and credential theft pose in Microsoft 365 and Google Workspace has been heightened by the recent COVID-19 outbreak, attacks targeting cloud email are nothing new. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses due to BEC scams targeting Microsoft 365 and Google Workspace. Both the prevalence and the success of these attacks can be attributed to the fact that, without additional layers of security, these cloud platforms are inherently vulnerable - making them a highly attractive target for cyber criminals. According to the FBI, “Thirty percent of phishing attacks make it through existing systems and are opened by target users.” Clearly, the security features that constitute Microsoft Exchange Online Protection (EOP) - the default protection in Microsoft 365 - are glaringly inadequate, leaving users susceptible to credential theft, account takeovers and other advanced exploits. Is insufficient cloud email protection leaving your users - and your business - in danger?
How BEC Scams Targeting Cloud Email Services Work
To abuse cloud email services, threat actors use email service-aware phish kits that closely imitate the services' interface. The phish kits are designed to deceive employees into handing over account credentials. Targets are directed to these phish kits via large-scale phishing campaigns.
Once employees’ credentials are in the hands of attackers, they are able to analyze the compromised accounts for financial transactions. The FBI elaborates, “Using the information gathered from compromised accounts, cybercriminals impersonate email communications between compromised businesses and third parties, such as vendors or customers. The scammers will then impersonate employees or business partners, with the end goal of redirecting payments to bank accounts they control.” Thieves will also use compromised information to launch additional phishing attacks and compromise other businesses, enabling them to easily target other organizations within the same or similar industry sectors.
Email Risk is Magnified for Small Businesses
Guardian Digital has noticed that these dangerous BEC attacks designed to exploit the COVID-19 pandemic are targeting businesses of all sizes in all industry sectors, with a disproportionate amount of exploits victimizing small businesses. This trend is consistent with the FBI’s findings: “Although Google Workspace, Microsoft 365, and other popular cloud-based email services come with built-in security features that could help block BEC attempts, many of these features aren't enabled by default and have to be manually configured or toggled on by IT admins and security teams. Because of this, small and medium-size organizations, or those with limited IT resources, are most vulnerable to BEC scams.” Thus, additional protection for cloud email is especially critical for small businesses. Guardian Digital CEO Dave Wreski explains, “It is crucial that small companies with limited resources and funding to put toward security implement a fully-managed email security solution designed to fortify cloud email with the additional layers of security necessary to combat today’s sophisticated attacks. Guardian Digital EnGarde Cloud Email Security makes enterprise-grade email protection available to small- and medium-sized businesses at affordable prices, eliminating the need for a full-time IT department or mail administrator.”
Best Practices for Mitigating BEC Risk in Microsoft 365 and Google Workspace
In addition to implementing a solution that provides the critical additional layers of security that are necessary to defend against attacks exploiting cloud email, the FBI urges users to engage in the following best practices to prevent BEC attacks:
- Enable multi-factor authentication for all email accounts.
- Verify all payment changes and transactions in-person or via a known telephone number.
- Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.
The FBI suggests that IT administrators take the following measures to mitigate BEC risk:
- Prohibit automatic forwarding of email to external addresses.
- Add an email banner to messages coming from outside your organization.
- Prohibit legacy email protocols such as POP, IMAP, and SMTP that can be used to circumvent multi-factor authentication.
- Ensure mailbox logon and settings changes are logged and retained for at least 90 days.
- Enable alerts for suspicious activity such as foreign logins.
- Enable security features that block malicious email such as anti-phishing and anti-spoofing policies.
- Configure Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) to prevent spoofing and to validate email.
- Disable legacy account authentication.
Defense-in-Depth: The Key to Protecting Microsoft 365 and Google Workspace Users
Defense-in-depth is essential to safeguarding users in Microsoft 365, Google Workspace and other cloud platforms. The default security provided within these platforms is no match for today’s advanced exploits, and organizations cannot rely on administrators to configure their email service to be 100 percent secure. Multiple layers of additional protection working harmoniously to detect and stop threats to cloud email in real-time and are most effective in protecting users in these platforms.
The need for effective, multi-layered cloud email protection has never been greater. Guardian Digital recognizes the importance of fortifying cloud email with additional layers of real-time protection and offers clients comprehensive, full-managed email vigilance in Microsoft 365 and Google Workspace, providing companies with the invaluable peace of mind that their employees are safe in this dangerous, frightening time.
Key benefits of choosing Guardian Digital to secure your cloud email include:
- Multi-layered, real-time defense against social engineering and impersonation attacks
- Tighter security, adaptive implementation and eliminated risk of vendor lock-in through the use of a transparent, collaborative development approach
- Scalable cloud-based system simplifies deployment and increases availability
- Expert, caring around-the-clock customer support services and remote system monitoring
Download Guardian Digital’s free Microsoft 365 protection guide to learn more about the inherent vulnerability of cloud email services and how EnGarde Cloud Email Security safeguards users in Microsoft 365.
Must Read Blog Posts
- Demystifying Phishing Attacks: How to Protect Yourself in 2023
- What You Need to Know to Shield Your Business from Ransomware
- Shortcomings of Endpoint Security in Securing Business Email
- Microsoft 365 Email Security Limitations You Should Know in 2023
- Email Virus - Complete Guide to Email Viruses & Best Practices
- How Phishing Emails Bypass Microsoft 365 Default Security
Phishing Is Evolving
Latest Blog Articles
- How To Spot A DocuSign Scam Email
- What To Do If Your Business Email Gets Hacked
- Why Do Over 90% of Cyberattacks Begin with an Email?
- FBI: The 2020 Presidential Election Is Under Attack by Email Scammers
- Why Is Machine Learning (ML) Beneficial in Security?
- What Is a Cyberattack?
- Cyber Risk Is On the Rise: How To Ensure Preparedness
- How to Protect Sensitive Data & Maintain Client Trust in Financial Services Industry
- Revolutionizing Email Security: The Evolution of EnGarde Secure Linux to EnGarde Cloud Email Security
- Open Source Utilization in Email Security Demystified