As part of our effort to combat phishing attacks we will be implementing additional email security tips in Microsoft Outlook and Microsoft 365. These tips will assist you with identifying fraudulent attempts to impersonate university employees and other individuals with whom you may communicate via email.
What will the tips look like? One of three different types of tips will be activated when a message arrives in your mailbox from an unfamiliar email address. Please continue reading for descriptions of the tips.
TIP #1: First Contact Tip
The First Contact tip will alert you when you receive a message from an individual that is not in the university email address book or is not included your contacts list. This tip will be displayed under the following conditions:
- The first time you receive a message from a sender that has never contacted you before;
- If you don't often receive messages from a specific sender; and
- If other message recipients don’t often receive a message from the sender.
In the example below, the First Contact tip reads “You don’t often get email from firstname.lastname@example.org”. Notice that the domain from which the message is being sent appears to be a Google Gmail address and not a university email address. This message could be a phish or a scam.
TIP #2: Impersonation Attempt
If you normally receive messages from a known sender, for example ScrappyDoe@unt.edu, but you suddenly receive a message from an address that appears to be similar but not identical to the address that you your normally receive email, such as ScrappyDoe@NotUNT.Com, you will receive an alert that states “ScrappyDoe@NotUNT.Com appears similar to someone who previously sent you email but may not be that person. Learn why this could be a risk.”
View the example below to see how this tool tip will display. Notice that ScrappyDoe@NotUNT.Com is not a valid university email address because it ends in @NotUNT.Com. This message is likely a phish or a scam.
TIP #3: Unusual Characters
Scammers often attempt to substitute unusual characters in an email address in an attempt to trick the recipient into believing the message is legitimate. For example, the address in the “From” field will contain unusual character substitutions such as numbers in place of letters, or a mix of uppercase and lowercase letters. In the example below the sender includes a number in the email address instead of the expected character—“Sc0ppy@UnT.CoM”. A user might overlook this substitution and believe the email is legitimate when it is actually a phish or a scam. The Unusual Characters tip will display a tip to warn you that the message should not be interacted with due to the appearance of unexpected letters or numbers.
Things to keep in mind when dealing with a potential phishing scam:
- You can report phishing messages by selecting Junk > Phishing > Report in the reading pane in Outlook. You can also send an email to email@example.com to report the phish.
- Never click on a suspicious link as it could direct you to a malicious site or could lead to identity theft.
- Our staff will never ask you for your password under any circumstances.
If you have doubts about an email sent to you, or believe you may have unintentionally divulged sensitive information, contact your computer support personnel or send an email to firstname.lastname@example.org.