A whole load of phishing emails make it past Microsoft Defender, researchers say

Microsoft Defender, the built-in security service for Windows, which also scans incoming email messages for malicious content, misses almost a fifth (18.8%) of all phishing emails, a new report from Avanan claims.

The company claims to have analyzed almost three million emails that were scanned by Microsoft and Check Point security products, over one week. For the purpose of the report, the analysts took samples from organizations with anywhere between 500 and 20,000 users. The companies analyzed were from various industries, but all located in the United States.

But not only did Defender miss 18.8% of phishing messages, the analysts say the number of misses has increased by 74% over the last two years. In Avanan's previous analysis in 2020, only 10.8% of phishing emails made it to the victims’ inboxes.

Is Microsoft Defender bad?

What’s important to notice here, and what Avanan stresses in the report’s introduction itself, is that these figures do not necessarily mean Defender is bad at defending against phishing. If anything, it’s as good or better than the competition:

“In general, Microsoft 365 is a very secure service. That is a result of a massive and continuous investment from Microsoft. In fact, it is one of the most secure SaaS services on the market. This report does not indicate otherwise,” the report states. 

So why is Defender allowing such a large percentage of phishing emails, some of which carry malware, through? The researchers believe it is because Defender is the go-to solution for most organizations, and as such, most threat actors test out their strategies against this solution first, before deploying attacks.

“It’s important to note that this does not mean that Microsoft's security got worse. It means that the hackers got better, faster, and learned more methods to obfuscate and bypass the default security,” the researchers added.

Targeted financial attacks are specifically crafted to bypass Defender, they say, adding that these usually include many email scams (fake invoices, fake Bitcoin transactions, phony business proposals etc.). Still, Defender missed 42% of these types of attacks last year.

TechRadar Pro has asked Microsoft for a response to the findings of the Avanan report.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
