Microsoft Viva: Viva Amplify - Animated GIFs in email

🚨 The Signal: Viva Amplify now supports animated GIFs in emails, potentially increasing phishing and social engineering risks through dynamic, attention-grabbing content. This change affects email content security.

The Impact

All users are affected by increased risk of social engineering and phishing via animated GIF content.

• End Users: Increased susceptibility to phishing and social engineering due to dynamic content.
• Security Teams: New vector for malicious content delivery and user manipulation.
• Admins: Potential for increased helpdesk tickets related to suspicious email content.

The Action

1. Review existing email content policies in Microsoft Purview for GIF handling and content filtering.
2. Enhance user awareness training on identifying suspicious emails, especially those with animated content.
3. Configure Microsoft Defender for Office 365 Safe Attachments and Safe Links policies to scrutinize dynamic content.
4. Consider implementing mail flow rules to quarantine or flag emails with animated GIFs from external sources if deemed high risk.

Domain: Purview · Impact: medium · Workload: Microsoft Purview