M365 Defender Fails to detect Images looking like M365 emails with embedded URL shorteners
M365 Defender Fails to detect Images looking like M365 emails with embedded URL shorteners
Crossposted using Lemmit.
Original post from /r/sysadmin by /u/darking_ghost on 2023-07-07 14:50:29+00:00.
So I recently have seen some users (from multiple tenants) reporting that they received emails as such, https://snipboard.io/3GRm1S.jpg where it's just an embedded image and embedded link (rather than HTML) redirecting to malicious sites, they use bitly, google ads, etc.
Is this something new? Is there anything I can improve in my policies?
We have anti-spam and phishing (Phishing threshold set to 3)setup as well as safe links, whenever something is detected it goes to quarantine)
0 comments