By default, Office 365 filters out emails with executable attachments (exe, scr, ps1, cmd, etc.) as well as unencrypted zip files that contain executables. Office 365 allows HTML files as attachments because some vendors send them in legitimate email. Attackers will attach HTML files that contain malicious JavaScript and will try to mask the origin of the email and its contents. If they can convince you to download the attachment and open it, this can cause you some serious problems. This article is a summary of how to create an Office 365 Exchange Mail Flow rule that adds a warning for users.
Exchange Admin Center Mail Flow Rules
https://admin.exchange.microsoft.com/#/transportrules
Navigate to the Exchange Admin Center. Select Rules, then + Add a rule.
The new rule should have the following key entries:
- Apply this rule if any attachment matches HTML, HTML, html or htm.
- Prepend the subject of the message with [ATTACHMENT-FAIL]
- Apply and prepend a disclaimer
- Generate an incident report and send it to the domain administrators.
<span style="color:red"><b><p>
[ATTACHMENT-FAIL] WARNING,
This message has an HTML attachment and may be invalid or contain a virus.
USE EXTREME CAUTION in opening any attachment.
</p></b></span>
Below is an image of the rule.
Once the rule is created, it will be disabled by default. The rule needs to be enabled before it will process messages.
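The same rule can also be created from Exchange Online PowerShell. This is an added example, not part of the original article: the rule name and the report address admins@example.com are placeholders, and it assumes the ExchangeOnlineManagement module is installed and a session has already been opened with Connect-ExchangeOnline.

```powershell
# Added example. $RuleName and $ReportTo are placeholders, not values from the article.
$RuleName = 'Warn on HTML attachments'
$ReportTo = 'admins@example.com'

# Disclaimer markup from the article, prepended to the message body.
$Disclaimer = @'
<span style="color:red"><b><p>
[ATTACHMENT-FAIL] WARNING,
This message has an HTML attachment and may be invalid or contain a virus.
USE EXTREME CAUTION in opening any attachment.
</p></b></span>
'@

$RuleParams = @{
    Name                              = $RuleName
    # Condition: any attachment whose file extension is html or htm.
    AttachmentExtensionMatchesWords   = 'html', 'htm'
    # Action 1: tag the subject line.
    PrependSubject                    = '[ATTACHMENT-FAIL] '
    # Action 2: put the warning at the top of the body.
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerText           = $Disclaimer
    # If the body cannot be modified (for example a signed message),
    # wrap the original in a new message that carries the warning.
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    # Action 3: incident report to the administrators.
    GenerateIncidentReport            = $ReportTo
    IncidentReportContent             = 'Sender', 'Recipients', 'Subject', 'RuleDetections'
    # Create the rule disabled so it can be reviewed before it touches mail.
    Enabled                           = $false
}

# Create the rule only if one with this name does not already exist.
$existing = Get-TransportRule | Where-Object Name -eq $RuleName
if (-not $existing) {
    New-TransportRule @RuleParams | Out-Null
}

# Review what was stored before switching it on.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, AttachmentExtensionMatchesWords, PrependSubject, GenerateIncidentReport

# Enable the rule once the settings look right.
Enable-TransportRule -Identity $RuleName
```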