Almost 19 percent of phishing emails bypass Microsoft Defender
For many organizations, Microsoft 365 has become their default service for email. But for attackers this makes it attractive as a point of compromise.
New research from cloud and email security specialist Avanan shows that the missed phishing rate for Microsoft Defender is 18.8 percent. A previous analysis in 2020 showed 10.8 percent of phishing emails reaching inboxes, so Defender's missed phishing rates have increased by 74 percent.
Among other findings, the report shows that Defender sends seven percent of phishing messages to the Junk folder, where they can still be accessed by the user.
When financial-based phishing attacks are specifically crafted to bypass Defender, it misses 42 percent of them. This category includes things like fake invoices and bitcoin transfers. Brand impersonation is another popular method hackers choose to bypass Defender, and 22 percent of these emails get through. 21 percent of credential harvesting attacks also get through to users' inboxes.
The missed phishing rate is also higher in larger organizations, reaching between 50 and 70 percent. This is despite security operations center staff in large businesses devoting a large percentage of their time to email issues. One large company studied saw 910 reported phishing emails within one week, yet the IT team could only remediate 59 of these, or less than seven percent.
It's not all bad news though; there are some areas where Defender does well. It catches 90 percent of unknown malware, for example. It's also good at spotting attacks using DMARC spoofing, with only 2.5 percent making it through to inboxes, and business email compromise, with just two percent getting through.