01
Why Phishing Is Still the Number One Attack Vector
Phishing is the starting point for the majority of cyber incidents: ransomware, business email compromise, credential theft, and data breaches almost always begin with a phishing email or message.
The reason phishing persists despite widespread awareness is that the attacks have evolved. Generic 'click here to reset your password' emails are now filtered effectively. Modern phishing is highly targeted, well-written, and often indistinguishable from legitimate email. It uses real sender domains, real logos, and real context: the attacker has done their research.
The most dangerous phishing emails don't look like phishing emails. They look like emails from your CFO, your Microsoft 365 tenant, or your bank.
02
Email Authentication: Your First Line of Defence
SPF, DKIM, and DMARC are the three DNS-based email authentication standards that determine whether an email claiming to come from your domain is legitimate.
| Standard | What it does | Without it |
|---|---|---|
| SPF | Defines which servers are authorised to send email on your behalf | Anyone can send email appearing to come from you |
| DKIM | Cryptographic signature proving the email was sent by you and not modified in transit | Emails can be spoofed or tampered with |
| DMARC | Enforcement policy: what to do when SPF or DKIM fails | No action is taken on spoofed emails, so they reach inboxes |
Correct DMARC configuration at p=reject eliminates direct spoofing of your domain: attackers cannot send email that appears to come from it. This is one of the highest-value, lowest-cost security improvements available.
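The checks below show what "correct configuration" means for the SPF and DMARC records described above, as an added example that is not De4sec's tooling; the records are constructed samples for a placeholder domain, and a real assessment would read them from DNS TXT lookups.

```python
# Added example (not De4sec tooling): flag the SPF and DMARC settings that
# let spoofed mail reach inboxes. Records below are constructed samples for
# a placeholder domain, not live DNS data.
import re

SPF_WEAK = "v=spf1 include:spf.protection.outlook.com ~all"
SPF_STRONG = "v=spf1 include:spf.protection.outlook.com -all"
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.invalid"
DMARC_STRONG = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.invalid"

def parse_tags(record):
    # DMARC records are "tag=value; tag=value"; tag names are case-insensitive.
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def assess_spf(record):
    """Return findings; an empty list means the record is hardened."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings = []
    # The trailing 'all' decides what happens to senders not listed.
    alls = [t for t in tokens[1:] if re.fullmatch(r"[+\-~?]?all", t)]
    qualifier = None if not alls else (alls[-1][0] if len(alls[-1]) == 4 else "+")
    if qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders are not failed")
    elif qualifier == "+":
        findings.append("'+all' authorises every sender on the internet")
    elif qualifier in "~?":
        findings.append(f"'{qualifier}all' is soft-fail/neutral: blocking relies on DMARC")
    return findings

def assess_dmarc(record):
    """Return findings; an empty list means p=reject is fully enforced."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "none")
    if policy != "reject":
        findings.append(f"p={policy}: spoofed mail is monitored or flagged, not rejected")
    if tags.get("sp", policy) != "reject":  # sp defaults to p when absent
        findings.append("subdomain policy is weaker than reject")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: policy applied to only a fraction of mail")
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports on spoofing are not collected")
    return findings
```

Running `assess_dmarc(DMARC_WEAK)` reports both the p=none policy and the inherited weak subdomain policy, while the p=reject record returns no findings.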
03
Microsoft Defender for Office 365
Microsoft Defender for Office 365 (Plan 1 or Plan 2, included in Business Premium) provides advanced email filtering beyond the standard Exchange Online Protection included with all Microsoft 365 plans.
Key capabilities
- Safe Links: real-time URL scanning at click time, not just at delivery; blocks links that become malicious after the email is delivered
- Safe Attachments: detonates attachments in a sandbox before delivery; blocks malicious attachments even if they're not known malware
- Anti-phishing policies: impersonation protection for specific users (CEO, CFO) and domains
- Spoof intelligence: identifies and blocks email spoofing attempts
- Attack simulation training: send simulated phishing emails to staff to measure click rates and train those who click
Safe Links time-of-click scanning is particularly important because attackers often send emails with links to legitimate pages that are subsequently weaponised. Without time-of-click scanning, the email passes filtering but the link is malicious by the time it's clicked.
04
Security Awareness Training
Technical controls filter the majority of phishing attempts, but not all of them. The emails that reach inboxes are the most convincing ones. Staff need to know how to identify and report them.
Effective awareness training
- Not a one-time annual presentation: ongoing, frequent, short-form training (10-15 minutes maximum)
- Simulated phishing exercises: regular test emails sent to staff, with click rates tracked and trended
- Immediate training for staff who click: not punitive, but instructive
- Specific training on business email compromise: what CEO fraud looks like, and how payment requests are verified
- Clear reporting process: a simple way for staff to report suspicious emails they're not sure about
Microsoft Attack Simulator
Microsoft Defender for Office 365 Plan 2 includes Attack Simulator: send simulated phishing emails to your organisation, measure click rates, and assign training to users who clicked. Available in Microsoft 365 Business Premium.
05
Business Email Compromise Prevention
Business Email Compromise (BEC) is a specific type of phishing where attackers impersonate executives, suppliers, or IT staff to redirect payments, obtain credentials, or steal sensitive information.
Common BEC scenarios
- CEO to finance: 'Process this urgent payment, I'm in a meeting'
- Supplier invoice fraud: invoice with updated bank account details
- IT helpdesk impersonation: 'We need your credentials for a security audit'
- Legal impersonation: 'You're required to send this information by end of day'
Prevention controls
- Anti-impersonation policies in Defender for Office 365: flag emails that impersonate protected users
- External sender banners: visually mark all external emails so staff know they're not internal
- Verification procedures: any payment request or sensitive action triggered by email requires phone or in-person verification
- Financial controls: payment authority thresholds, dual approval for large transfers
06
De4sec Phishing Protection Service
De4sec implements and manages the full phishing protection stack for clients in Kenya and Australia.
Email Authentication
SPF, DKIM, DMARC configuration and monitoring. Alerts when DMARC reports identify spoofing attempts against your domain.
Defender for Office 365
Safe Links, Safe Attachments, anti-phishing, and spoof intelligence configuration. Tuned to reduce false positives while maintaining strong protection.
Attack Simulation Training
Regular simulated phishing exercises using Microsoft Attack Simulator. Monthly click-rate reporting. Targeted training for frequent clickers.
Incident Response
When a real phishing email reaches a user and is clicked, De4sec investigates: was it a credential harvest, was anything accessed? Contain and remediate quickly.
// NEXT STEP
Ready to implement this in your environment?
De4sec provides hands-on implementation, not just advice. Book a free discovery call: we assess your environment at no cost and no obligation.

© 2026 DE4SEC TECHNOLOGY. ALL RIGHTS RESERVED.