As part of our effort to combat phishing attacks we will be implementing additional email security tips in Microsoft Outlook and Microsoft 365. These tips will assist you with identifying fraudulent attempts to impersonate university employees and other individuals with whom you may communicate via email.
What will the tips look like? One of three different types of tips will be activated when a message arrives in your mailbox from an unfamiliar email address. Please continue reading for descriptions of the tips.
TIP #1: First Contact Tip
The First Contact tip will alert you when you receive a message from an individual that is not in the university email address book or is not included your contacts list. This tip will be displayed under the following conditions:
In the example below, the First Contact tip reads “You don’t often get email from email@example.com”. Notice that the domain from which the message is being sent appears to be a Google Gmail address and not a university email address. This message could be a phish or a scam.
TIP #2: Impersonation Attempt
If you normally receive messages from a known sender, for example ScrappyDoe@unt.edu, but you suddenly receive a message from an address that appears to be similar but not identical to the address that you your normally receive email, such as ScrappyDoe@NotUNT.Com, you will receive an alert that states “ScrappyDoe@NotUNT.Com appears similar to someone who previously sent you email but may not be that person. Learn why this could be a risk.”
View the example below to see how this tool tip will display. Notice that ScrappyDoe@NotUNT.Com is not a valid university email address because it ends in @NotUNT.Com. This message is likely a phish or a scam.
TIP #3: Unusual Characters:
Scammers often attempt to substitute unusual characters in an email address in an attempt to trick the recipient into believing the message is legitimate. For example, the address in the “From” field will contain unusual character substitutions such as numbers in place of letters, or a mix of uppercase and lowercase letters. In the example below the sender includes a number in the email address instead of the expected character—“Sc0ppy@UnT.CoM”. A user might overlook this substitution and believe the email is legitimate when it is actually a phish or a scam. The Unusual Characters tip will display a tip to warn you that the message should not be interacted with due to the appearance of unexpected letters or numbers.
Things to keep in mind when dealing with a potential phishing scam:
If you have doubts about an email sent to you, or believe you may have unintentionally divulged sensitive information, contact your computer support personnel or send an email to firstname.lastname@example.org.