A whole load of phishing emails make it past Microsoft Defender, researchers say
Almost a fifth of phishing emails missed by Microsoft Defender
Microsoft Defender, the in-built security service for Windows, which also scans incoming email messages for malicious content, misses almost a fifth (18.8%) of all phishing emails, a new report from Avanan claims.
The company claims to have analyzed almost three million emails that were scanned by Microsoft and Check Point security products, over one week. For the purpose of the report, the analysts took samples from organizations with anywhere between 500 and 20,000 users. The companies analyzed were from various industries, but all located in the United States.
But not only did Defender miss 18.8% of phishing messages, the analysts say the number of misses has increased by 74% over the last two years. In Avanan’s previous analysis in 2020, only 10.8% of phishing emails made it to the victims’ inboxes.
Is Microsoft Defender bad?
What’s important to notice here, and what Avanan stresses in the report’s introduction itself, is that these figures do not necessarily mean Defender is bad at defending against phishing. If anything, it’s as good as or better than the competition:
“In general, Microsoft 365 is a very secure service. That is a result of a massive and continuous investment from Microsoft. In fact, it is one of the most secure SaaS services on the market. This report does not indicate otherwise,” the report states.
So why is Defender allowing such a large percentage of phishing emails, some of which carry malware, through? The researchers believe it is because Defender is the go-to solution for most organizations, and as such, most threat actors test out their strategies against this solution first, before deploying attacks.
“It’s important to note that this does not mean that Microsoft’s security got worse. It means that the hackers got better, faster, and learned more methods to obfuscate and bypass the default security,” the researchers added.
Targeted financial attacks are specifically crafted to bypass Defender, they say, adding that these usually include many email scams (fake invoices, fake Bitcoin transactions, phony business proposals etc.). Still, Defender missed 42% of these types of attacks last year.
TechRadar Pro has asked Microsoft for a response to the findings of the Avanan report.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.