More and more cases are reported to the NCSC-FI in which organisations have been subject to phishing with the purpose of obtaining the email credentials of employees. User credentials have been used in many ways, depending on the criminal’s personal motives or the role or position of the breached user account in the organisation. In certain cases, the attacker has clearly been seeking significant financial gains by monitoring payment-related messages. On the other hand, stolen credentials can also be used, for example, to acquire business secrets. In addition, successful phishing may involve different reputation and regulatory risks.
Reacting to new phishing campaigns is a never-ending race and is unfortunately often too late after the wave has already hit the shore. This is why it is very important to use service-specific information security features as early as possible. Different means can be used to reduce the number of phishing messages that reach users, prevent the easy use of stolen credentials, investigate possible cases and restrict the impact of successful phishing.
This guide focuses on the protection of Microsoft products, because they constitute a major part of the phishing campaigns, targeted especially at companies, that have been reported to the NCSC-FI. In addition, the NCSC-FI has discovered that often face problems in the deployment of the security features and settings of these products. We hope that the guide helps organisations to strengthen their email and cloud service environments, especially against threats related to credential phishing.