INTRODUCTION:

Dealing with unwanted email is an ongoing struggle for many professionals. By using a combination of tactics like Spamming, Phishing, and Spoofing scammers will attempt to steal your passwords, personal information and money. No Junk mail filter is perfect, so it's important to know how to identify and protect yourself and your company from these tactics. 

APPLIES TO:

All Office 365 Outlook users.

REQUIREMENTS:

• Microsoft account and/or organizational account is required for licensing and to access services.
• E-mail account setup in Outlook must be in Cached Exchange Mode.

PROCEDURE:

Phishing

• A phishing scam is an email that appears legitimate but is actually an attempt to get your personal information or steal your money. A well crafted or targeted (spear phishing) email can be very difficult to identify. Watch out for unusual or unsolicited requests for information or payments. Ask yourself did this message come from someone I expect to make this request? Does the person making the request need the information or should they already have it? Never reply to a suspicious email even if it came from your companies email account. Scammers who have compromised one of your company's email address will use it to try and trick you. 

• Never reply to an email that asks you to send personal or account information.

• If you receive an email that looks suspicious or asks you for this type of information, never click links that supposedly take you to a company website.

• Never open any file attached to a suspicious-looking email.

• If the email appears to come from a company, contact the company's customer service via phone or web browser to see if the email is legitimate.

• Search the web for the email subject line followed by the word hoax to see if anyone else has reported this scam.

Identify Spoofing

• Scammers can also use a technique called spoofing to disguise their real email address. This can be done multiple ways and is not always caught by the Junk filter.
• A common tactic is to create a free Gmail.com account using the first and last name of your boss and their email signature. This may look like your boss just sending you a message from their personal account, and may even attempt to explain the change by saying "I can't get my company email to work." Treat this the same as a suspicious Phishing message.
• If a message from someone you know and have messaged previously is filtered as Junk do not reply to that message. Start a new message and ask about the message and why it may have went to your Junk folder. The "reply to" address can be changed and you may not be sending to who you expected.
• View the internet message headers by clicking the message options button in the Tags section of the tool bar. This provides all the routing information about the message and is what support will need to determine the sender of a message.