Zidan Silverlane

How to tell if an email is malicious or genuine

Identifying malicious and spamming emails

As malicious and spamming emails become more and more convincing, it becomes harder to distinguish them from other emails. However, if you receive any email asking you to log in or requesting personal information, you should conduct the following checks (if you are on a smartphone, wait until you can check the email on a computer before continuing).

If in any doubt on any matter, please report it to the IT Service Desk.

  • Who is it from?

    • An email address can be spoofed. Don't open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details or business password.

    • Outlook hides the email address for all organization members. In Outlook for Windows, open the email and right-click on the person's name and select 'Open contact card' to see the email address. In the web version, just click on the person's name or image to view the email address and any other. You can also view these details by viewing the message header (see following section).

    • If the email address doesn’t fit (e.g. doesn’t match name, is an external address or is inappropriate for the message sent), it is probably spam.


  • Does the link point to the business website?

    • Links often hide where they take you. Hover over the link to see the address.

    • Links and webpages can be spoofed to look like a genuine login page. Check that the URL domain of the login page matches your business, school or a Microsoft site, for example https://login.microsoftonline.com/. This is not an exhaustive list – but it should be evident if a login page is not hosted on your business/organization or Microsoft site.

    • There are exceptions, but no external site should ever ask for your username and password.


  • Is it too good to be true?

    • If it is, then it's probably malicious or spam.


  • Is it addressed to you?

    • Even if it is addressed to you personally, it might still be spam.


  • Is there an unexpected attachment?

    • Have you any reason to think the attachment is genuine?

    • If it looks like the attachment is from a known contact, ask them if they sent it (but not by replying to the email).

    • The same is true if they are recommending something unexpectedly.
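
The link checks from the list above (see where a link really goes, then confirm the host is your organization's or Microsoft's), as an added Python example that is not part of the original article. The trusted-host list is an assumption: only login.microsoftonline.com comes from the article, and example.org stands in for your own domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: trusted login hosts; example.org is a placeholder for your own.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "example.org"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    try:  # lower-cased hostname, or '' when the URL cannot be parsed
        return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def is_trusted(host):
    """Exact host or a true subdomain, so 'example.org.evil.test' fails."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_LOGIN_HOSTS)

def review_links(html_body):
    """Return each link's visible text, real host and reasons for suspicion."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host, reasons = host_of(href), []
        if not is_trusted(host):
            reasons.append("host not on trusted list")
        shown = host_of(text if "://" in text else "//" + text)
        if "." in shown and " " not in shown and shown != host:
            reasons.append("visible text shows a different host")
        findings.append({"text": text, "host": host, "reasons": reasons})
    return findings

# Constructed sample (not a real message); .test is a reserved TLD.
SAMPLE = ('<a href="https://example.org.signin.test/">https://example.org/</a> '
          '<a href="https://login.microsoftonline.com/">Sign in</a>')
```

Calling `review_links(SAMPLE)` flags the first link on both counts and returns no reasons for the second.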


What to do if you see a spam or phishing email

Use the Outlook 'Junk' option. As Outlook 'learns' this, it will apply the rule across the University, helping to prevent similar messages getting through. (Please only use the Outlook 'Junk' and 'Phishing' options for emails that are genuine spam.)

  • In Outlook for Windows, right-click on an email and select 'Junk' then choose either 'Report as junk' or 'Report as phishing'. In the web version, tick the box to select the email and then choose 'Junk' or 'Phishing' from the top menu.

  • Do not open file attachments.

  • Do not click on any links.

  • Especially, do not enter your bank details or your School/Business/Church password.
