A whole load of phishing emails make it past Microsoft Defender, researchers say

[Image: Microsoft Defender home personal dashboard (Image credit: Microsoft)]

Microsoft Defender, the built-in security service for Windows, which also scans incoming email messages for malicious content, misses almost a fifth (18.8%) of all phishing emails, a new report from Avanan claims.

The company says it analyzed almost three million emails that had been scanned by Microsoft and Check Point security products over a one-week period. The samples came from organizations with anywhere between 500 and 20,000 users, drawn from various industries but all located in the United States.

Not only did Defender miss 18.8% of phishing messages; the analysts say the miss rate has risen by 74% over the last two years. In Avanan's previous analysis, in 2020, only 10.8% of phishing emails made it to the victims' inboxes.

Is Microsoft Defender bad?

What’s important to notice here, and what Avanan stresses in the report’s introduction itself, is that these figures do not necessarily mean Defender is bad at defending against phishing. If anything, it’s as good or better than the competition:

“In general, Microsoft 365 is a very secure service. That is a result of a massive and continuous investment from Microsoft. In fact, it is one of the most secure SaaS services on the market. This report does not indicate otherwise,” the report states.

So why is Defender allowing such a large percentage of phishing emails, some of which carry malware, through? The researchers believe it is because Defender is the go-to solution for most organizations, and as such, most threat actors test out their strategies against this solution first, before deploying attacks.

“It’s important to note that this does not mean that Microsoft's security got worse. It means that the hackers got better, faster, and learned more methods to obfuscate and bypass the default security,” the researchers added.

Targeted financial attacks are specifically crafted to bypass Defender, the researchers say; this category covers many common email scams (fake invoices, fake Bitcoin transactions, phony business proposals, etc.). Defender missed 42% of these attacks last year.

TechRadar Pro has asked Microsoft for a response to the findings of the Avanan report.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.