Phishing attack , steps to avoid it

Question

Hi team,

Our organization recently got a phishing attack, could you please let me know what are the steps we can take to avoid this happen again.

Thank you for your help,

Answer 1

Hi @J-3804 ,

By default, there's already a built-in anti-phishing policy that contains a limited number of anti-spoofing features enabled in Microsoft 365 organizations with mailboxes in Exchange Online. It can be viewed in the Anti-phishing page(https://security.microsoft.com/antiphishing).

Considering that your organization is still getting phishing attack, you can increase that protection by refining the current settings of the anti-phishing policy or creating custom anti-phishing policies with stricter settings that are applied to specific users or groups of users. See: Configure anti-phishing policies in EOP.

Furthermore, there are some additional features included in Exchange Online Protection (EOP) and Microsoft Defender for Office 365 which can help protect your organization from phishing threats. For more information, hopefully you can find the document belwo helpful:
Anti-phishing protection in Microsoft 365

---

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Thanks for the information. Microsoft Defender for Office 365 plan 2 has many of the features to help with these issues. Go to this site for access to an Interactive Guide. Well worth the 20-minute investment. Whenever possible, empowering the users with training and live testing gives some personal accountability which can help in the long term. To access, visit the new Security Portal > Email & collaboration > Attack simulation training.

For getting started information about Attack simulation training, see Get started using Attack simulation training.

Answer 3

Thank you guys!