Security experts are aware of a new phishing attack that hackers are using to bypass the Advanced Threat Protection (ATP) implemented by Microsoft Office 365.
Microsoft also uses AI- and machine-learning-powered security protection to help defend against phishing and other threats by deep-scanning the links in emails in order to block any suspicious attachments, domains and websites.
Not long ago, hackers were using the ZeroFont technique to impersonate known companies and trick people into submitting their personal and banking information to criminals.
During May 2018, hackers learned to split up the malicious URL in such a way that the Safe Links security in Office 365 fails to identify and replace the partial hyperlink, thus redirecting victims to the phishing site.
According to the experts, this phishing attack was used against 10% of their Office 365 users over the past couple of weeks, and it is believed that the same malicious methodology could spread to a greater percentage of Office 365 users globally.
To protect against this flaw, one should be careful about the URLs in the email body, especially if the email uses ACTION REQUIRED in the subject line, even when the email seems legitimate and safe. When a login page is loaded, one should always check the address bar in the browser to see whether the URL is actually hosted by the legitimate service.
It is recommended to always use two-factor authentication, which makes things harder for attackers because of the second verification step.