Why ATP anti-phishing protection is critical to my role as Head of Internal IT

A CSO article on the rise of mobile phishing attacks opened with a rather scary statistic – especially if, like me, you’re tasked with eliminating security risks from within your organisation: 91% of all cyberattacks start with a phishing email.

With the same study showing phishing attempts on the rise and the average cost to mid-sized companies at a cool $1.6 million, I/we don’t have an option: it must be a key focus area in Oxford Computer Group’s defence against malicious attackers.

Fortunately, we have ATP anti-phishing protection. A recent addition from Microsoft to its Office 365 Advanced Threat Protection toolkit.

How ATP anti-phishing makes my job (a little) easier

ATP anti-phishing protection provides 3 key benefits:

1. I can prevent impersonation of our directors and other key staff

With ATP anti-phishing, you can prevent up to 20 members of your organisation from being digitally imitated.

It’s a common spear phishing technique to impersonate a CEO or high-level board member with the goal of gaining information or money from someone who reports to them.

ATP anti-phishing pays special attention to these individuals and will intercept any email that looks like it could have been sent by them, but really hasn’t.

This is achieved through machine learning models together with highly intelligent impersonation detection algorithms.

2. I can stop our domain name from being spoofed

It’s not just individuals you can prevent from being impersonated – but domains as well!

Another common method of tricking users to provide their credentials or carry out an action is to send an email from a domain name that looks like your own.

A screenshot of an email with a spoofed domain


At a glance, microsoft.com and mircosoft.com look the same.

ATP anti-phishing will detect this and can be configured to warn the user, move the mail to their junk folder, or even block it completely before it’s delivered.

It already knows the domains you have configured in Office 365 and protects these by default, but it can be configured to protect other domains – as well as ignore those that are similar but legitimate.

In fact, whether it’s a user or domain impersonation attempt, you’ll have complete control over what happens next – from quarantining the message to providing the user with anti-phishing safety tips.

3. And best of all: Mailbox Intelligence

This feature is particularly advanced.

It looks at each user who has an Office 365 mailbox and learns their individual sender map. This is basically a table of who you communicate with on a frequent basis. It helps to build up a picture of legitimate relationships – for example, sister companies, customers and suppliers.

If any of these contacts are spoofed, ATP anti-phishing will inform you that you aren’t speaking to the person you think you are.

An ATP message warning of an impersonated domain


To enable ATP anti-phishing protection, you will need an Office 365 Enterprise E5 license – although you can add-on as part of a different subscription.

The true value is when you combine anti-phishing protection with the rest of the of the Office 365 ATP suite and correctly configured Exchange Online Protection policies. Once that’s in place, you’ll have gone a long way to protecting your organisation from a potentially expensive attack.

If you need support enabling anti-phishing protection and defining policies for your organisation, then please get in touch.

We can also help you ensure you have the right subscription for your business – and are making the most of the features at your disposal.