Outlook: New Outlook for Windows - Reply-To header

🚨 The Signal: New Outlook for Windows allows users to set a 'Reply-To' address different from the sender. Because a recipient's reply is addressed to the Reply-To value rather than to the displayed sender, this could facilitate phishing, spoofing, and misdirection of sensitive communications, increasing email-based attack vectors.

The Impact

All users are affected, increasing the risk of successful phishing and email spoofing attacks.

  • End Users: Increased risk of falling victim to phishing or misdirected replies.
  • Security Teams: New vector for email spoofing and social engineering to monitor.
  • Compliance Officers: Potential for non-compliance with secure communication policies.
  • Admins: Need to educate users and potentially implement new transport rules.

The Action

  1. Educate users on the risks of 'Reply-To' manipulation and how to verify sender authenticity.
  2. Review existing Exchange Online mail flow rules for potential 'Reply-To' header inspection.
  3. Consider implementing new transport rules to flag or block emails where the 'Reply-To' address differs significantly from the 'From' address, especially for external senders.
  4. Monitor security logs for unusual email activity or reported phishing attempts leveraging this feature.
  5. Update internal security awareness training to include this new email functionality and its associated risks.
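As an added example that is not part of the original alert, the following Python checks a raw message for the condition steps 3 and 4 describe: a Reply-To address that diverges from the From address, rated higher when the From domain is one of the organization's own but replies would leave it. The sample messages and the internal domain list are constructed for illustration.

```python
import email
from email.utils import getaddresses

# Constructed sample data (not taken from the original alert).
SAMPLE_INTERNAL_DOMAINS = {"corp.example"}

MSG_NO_REPLY_TO = (
    "From: Alice <alice@corp.example>\r\n"
    "To: bob@corp.example\r\n"
    "Subject: Lunch\r\n\r\nSee you at noon."
)
MSG_DIVERTED = (
    'From: "IT Helpdesk" <helpdesk@corp.example>\r\n'
    "Reply-To: helpdesk@corp-example.test\r\n"
    "To: bob@corp.example\r\n"
    "Subject: Password reset\r\n\r\nReply with your details."
)


def _domain(address):
    """Lower-cased domain part of an address, or '' if it has none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def analyze_reply_to(raw_message, internal_domains):
    """Flag a message whose Reply-To points somewhere other than its From.

    Returns the parsed addresses, a boolean 'flag' and a 'severity' of
    'none', 'medium' or 'high'. 'high' means the From domain is internal
    while at least one Reply-To address is external.
    """
    msg = email.message_from_string(raw_message)
    from_addrs = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    reply_addrs = [a.lower() for _, a in getaddresses(msg.get_all("Reply-To", []))]
    result = {"from": from_addrs, "reply_to": reply_addrs, "flag": False,
              "severity": "none", "reason": "no Reply-To header"}
    if not reply_addrs:
        return result
    from_domains = {_domain(a) for a in from_addrs}
    divergent = [a for a in reply_addrs if _domain(a) not in from_domains]
    if not divergent:
        result["reason"] = "Reply-To stays within the From domain"
        return result
    result["flag"] = True
    leaves_org = bool(from_domains & set(internal_domains)) and any(
        _domain(a) not in internal_domains for a in divergent)
    result["severity"] = "high" if leaves_org else "medium"
    result["reason"] = f"Reply-To {divergent} differs from From domain(s) {sorted(from_domains)}"
    return result
```

The same check can be run over a mailbox export or a message trace sample to find Reply-To diversion that a transport rule did not catch.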

Domain: Exchange · Impact: high · Workload: Exchange Online