It is safe to assume that, if you are reading this blog, you have received one of those spam messages that state something like “here is your voicemail” or “see attached invoice”. 
What these emails have in common is that they are most likely sent from a legitimate account that was hijacked and then used to bulk-send out viruses and spam. In the snapshot above, those attachments will take the recipient to a fake website where they will be asked to supply their work credentials to access the “real” file. The employee has now handed over the keys to their account. Here, I have compiled a few proactive & reactive options we have at our disposal as administrators.
Proactive Tip #1: End-user Training
Not many people like the “T” word but training your user-base in what to look for in all incoming email can not only help them in their business life, but personal as well. Whether you go for the online training options (KnowBe4 & Proofpoint for example) or hosting a Lunch & Learn; increasing their online knowledge by an attribute point can have a lasting effect.
Proactive Tip #2: Enable Office 365 Advanced Threat Protection
For a rather small amount of money ($2 per month per user) you have the option to open up the advanced protection filters offered in Microsoft 365. Enabling the Anti-Phishing, Safe Attachments, Safe Links, and Anti-spam policies will create a rather comfortable barrier around your Microsoft 365 tenant. 
Reactive Tip #1: Monitor your email domain in breaches
Troy Hunt, an independent security researcher has created a reputable website (https://haveibeenpwned.com/) where they upload data from breaches containing user identifiable content (Email, passwords, business title, etc.) for you to run a search against to see if your information has been leaked. What is great is that you can also register your email domain to be monitored; if it appears in a breach you will get a notification email. 
Reactive Tip #2: Office 365 Advanced Threat Protection (Plan 2)
Increasing the above-mentioned add-on license to $5 per month per user account will allow you to send internal threat campaigns to see who’s vulnerable to spoof attacks. But the real benefit allows you to use the Threat Management explorer to hard-delete known bad emails that have already been delivered to user’s mailboxes. 
All in all, the hope is that the proactive measures should be enough that the reactive measures will never be needed. But it all starts with training your user base in what to look for with emails even if it looks like it came from the CEO of their company. We don’t want anyone going out to buy gift cards for an unclear reason (https://www.consumer.ftc.gov/articles/paying-scammers-gift-cards). Please reach out to us if you’d like help securing the Microsoft 365 add-on licenses as we’d be happy to get the services configured.
