Identifying malicious and spamming emails
As malicious and spamming emails become more and more convincing, it becomes harder to distinguish them from other emails. However, if you receive any email asking you to login, requesting personal information, or money, you should conduct the following checks (if you are on a smartphone, wait until you can check the email on a computer before continuing).
Who is it from?
Did you know email addresses can be spoofed? This means anyone could send emails appearing to have been sent from your email address. Email clients such as Outlook, Gmail and others have ways to detect fake emails, however they depend on the owner of the domain for the spam detecting features to work properly. Furthermore, attackers can also fake the name of the sender. Things to keep in mind:
An email address can be spoofed (faked or imitated). Don't open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details or business password.
Outlook hides the email address for all organization members. In Outlook for Windows, open the email and right-click on the person's name and select 'Open contact card' to see the email address. In the web version, just click on the person's name or image to view the email address and any other. You can also view these details by viewing the message header (see following section).
If the email address doesn’t fit (e.g., doesn’t match name, is an external address or is inappropriate for the message sent), it is probably spam.
Is it too good/bad to be true?
If it is, then it's probably malicious or spam.
Is it addressed to you?
Even if it is addressed to you personally, it might still be spam.
Is there an unexpected attachment?
Have you any reason to think the attachment is genuine?
If it looks like the attachment is from a known contact, ask them if they sent it (but not by replying to the email).
The same is true if they are recommending something unexpectedly.
What to do if you see a spam or phishing email?
Use the Outlook 'Junk' option. As Outlook 'learns' this it will apply the rule across the University, helping to prevent similar messages getting through. (Please only use the Outlook 'Junk' and 'Phishing' options for emails that are genuine spam.)
In Outlook for Windows, right-click on an email and select 'Junk' then choose either 'Report as junk' or 'Report as phishing'. In the web version, tick the box to select the email and then choose 'Junk' or 'Phishing' from the top menu.
Do not open file attachments
Do not click on any links
Especially, do not enter your bank details or your School/Business/Church password.