fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Office 365 Will Let Admins Review Microsoft Forms Phishing Attempts

Office 365 Will Let Admins Review Microsoft Forms Phishing Attempts

Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data.

Microsoft Forms is a web and mobile app that enables users to create surveys, quizzes, and polls designed for collecting feedback and data online.

Previously it was only available to business users with Microsoft 365 Personal and Microsoft 365 Family, but it has recently been made available for personal use to anyone with a Microsoft account.

Block potential form-based phishing attempts

“When managing Microsoft Forms, IT admins now have two options in response to possible phishing: you can either click ‘unblock’ or ‘confirm phishing’, a new option that is now available,” Redmond explains in a new Microsoft 365 Roadmap entry.

Phishing attempts are detected by Microsoft Forms with the help of proactive phishing detection (available for all public forms since July 2019 and for enterprise forms from September 2019), a protection feature that will proactively identify malicious password collection in forms and surveys.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

Such attempts are automatically and temporarily blocked from continuing to collect answers to preemptively block threat actors from abusing forms as phishing landing pages.

Global and/or security administrators receive alerts of all forms detected and blocked for potential phishing in their tenant.

Reviewing potentially malicious forms

Starting with the feature’s roll-out to all standard multi-tenants during November 2020, IT admins can examine all forms automatically tagged as phishing attempts to make sure that those that try to harvest the users’ sensitive info for use in future malicious campaigns.

To review and unlock phishing forms, admins will have to go through the following steps:

  1. Sign in to the Microsoft 365 admin center at admin.microsoft.com.
  2. Go to the Message center and look for the notification, Prevent/Fix: Microsoft Forms Detected Potential Phishing (this notification contains a daily summary of any and all blocked forms created in your tenant)
  3. Click on the Forms admin review URL link in the notification to review blocked forms.
  4. For each form you review, go to the upper right corner of the page and select whether to unblock it or confirm its phishing attempt (unblock those wrongfully tagged and confirm those that you want blocked for malicious intent)

“If you believe a form has malicious intent, no further action from you is required. The form will stay blocked until its owner removes the content flagged for the malicious collection of sensitive data,” Microsoft explains.

Also Read: How a Smart Contract Audit Works and Why it is Important

Reviewing Forms phishing detections
Reviewing Forms phishing detections (Microsoft)

Unblocking Microsoft Forms users

Microsoft Forms will also automatically block users if they repeatedly try to collect information by distributing forms.

Such attempts are logged and admins will be informed via the Microsoft 365 message center. Once the notifications are added to the message center, admins can unblock the users if they consider that no malicious intent was behind their data collection attempts.

To remove restrictions for any blocked Microsoft Forms users in their tenant, admins will have to follow this procedure:

  1. Sign in to the Microsoft 365 admin center at admin.microsoft.com.
  2. Go to the Message center and look for the notification, Prevent/Fix: Microsoft Forms Detected Potential Phishing.
  3. Click on the link provided in the notification to review blocked users.
  4. For each user you believe has no malicious intent, you can choose to click the Unblock link in the Actions column that is associated with that user.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us