Microsoft Teams Releases New Protection Against Phishing Attacks

Microsoft Teams has gained new Defender ‘Safe Links’ phishing protection to protect users against potentially dangerous phishing URLs. The additional phishing protection in Teams is available for organizations using Defender for Office 365 to guard against phishing attacks that use weaponized URLs. While email is the standard medium for delivering phishing links, Teams usage exploded during the pandemic, making it an attractive target for phishing.

As Microsoft outlined earlier this year as part of its ‘hybrid work messaging’, time spent in Teams meetings grew 2.5 times globally between February 2020 and February 2021. Teams users now send 45 percent more chats per week on average, and 42 percent more chats per person after hours too. “Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender. We’re super excited to announce that this capability is now generally available,” Microsoft says in a blogpost. 

Given the massive shift to Teams chat and video over the past year, it’s sensible to make Safe Links — a feature of Defender for Office 365 since 2015 — available to the communications platform. Microsoft previewed the phishing protection feature for Teams in April.  Safe Links click protection can scan links in Teams conversations, group chats, and channels. 

Safe Links does a real-time scan and verification of URLs at the time a user clicks the link. Each month Microsoft’s ‘detonation systems’ detect almost 2 million unique URL-based payloads created by attackers for phishing. Microsoft monthly blocks over 100 million phishing emails with these booby-trapped URLs. Microsoft scans URLs at the time they are clicked by a user because, Microsoft explains, attackers have learned to send benign links that redirect post-click to avoid detection.

“As detection technologies evolve to block malicious sites quicker, sending malicious links to users becomes less effective. So attackers evolve their attacks. Instead of sending malicious links to users, attackers now send benign links. Once the link has been delivered, the attacker redirects the link to a malicious site,” Microsoft notes. Admins configure Safe Links to protect Teams users by tweaking the policy in the Microsoft 365 Defender portal. Admins can view Microsoft’s documentation for Safe Links here.