Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Phishing attacks using Office 365 compromised Accounts/ ATP safe links not working

Hello Microsoft ATP Team,

This is to bring to your notice that spammers/phishers have started targeting Office 365 Tenants which creates a mail loop between Office 365 hosted domains and these emails are getting circulated through which accounts gets compromised. We had a lot of incidences happening in our environment, As these emails are getting generated from the actual account hosted in Office 365 the email are considered to be safe and lands in users Inbox. We have ATP safe links policy in place however its not performing the job as expected. ATP is a great feature but we request you all to look in this matter on a larger scale. We have created a case with Microsoft Support for Office 365.

512 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Gaurav Anand shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    24 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Jacob S commented  ·   ·  Flag as inappropriate

        This is constantly happening to us. Are MS phishing algorithms not capable of picking up compromised O365 accounts? It seems like a daily occurance. ATP is actually more dangerous as it tells the user that the link is safe even when it isn't. MS should also disable accounts and inform the tenant that they are compromised after human review of messages.

      2 Next →

      Feedback and Knowledge Base