This support article provides guidance on how to identify email messages that are malicious, and handle them accordingly. Criminals are good at making email scams look like legitimate messages, so it's easy to get tricked into opening, clicking, or sharing links or attachments.


Below is guidance to protect yourself and your company from being compromised:


Solution:


Recognize the signs of a malicious email message


One of the best ways to avoid being compromised and falling victim to a scam is to know how to identify malicious emails. While every message may look a little different, there are red flags to help you spot malicious ones. Common signs of malicious messages include:

  1. An unusual message from a sender you DO NOT recognize
    • Check the sender's email address carefully, and verify its authenticity.
    • On mobile, tap the name to reveal the full email address or contact details.
    • If you receive an email message that seems unusual or out of the blue, especially from an unknown sender, be cautious.
  2. An unusual message from a sender you DO recognize
    • Even if the message is from someone you know, their email account may be compromised, and it might not be a legitimate message.
    • There are also cases where a message appears to come from within the company, as if your supervisor or a coworker sent you a link or attachment, when it was actually sent from an external source. For these cases, additional message filtering within Microsoft 365 is in place to catch such messages and display a red warning. See below:

      WARNING: This message was sent from outside the company, impersonating a user or system within it. Do not click any links or open attachments unless you recognize the source of this message, and know the content is safe.

      When you see this warning, it is there for a reason, so please heed it! Do not open attachments OR click any links unless you are 100% sure who the sender is!
  3. Inconsistencies in email addresses, domains, links, email content, etc.
    • For example, an unsolicited Microsoft password reset request message from "[email protected]".
    • Look for slight misspellings or unusual email addresses or domains (e.g., "microsoft-support.com" instead of "microsoft.com").
  4. Unusual links or attachments
    • Do not open unexpected attachments or click on suspicious links.
    • Hover over links (without clicking) to see their actual destination. If it looks different from what the message claims, it’s likely a phishing attempt.
    • Files with extensions like .exe, .zip, or .scr can be malicious. Do not download or open them unless you're certain of their safety.
  5. A message that is unsolicited
    • Familiarize yourself with the latest phishing and scam tactics. Common examples include fake invoices, account recovery scams, or messages impersonating government agencies.
  6. An unfamiliar greeting or tone from the sender
  7. A message with a sense of urgency (e.g. "Your account will be locked in 24 hours!" or demands for immediate action).
  8. Requests for personal or sensitive information
    • Legitimate organizations will never ask for sensitive details like passwords, Social Security numbers, or credit card information via email or text.
    • Do not fill out forms or enter information through unsolicited links.
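As an added example (not part of this article), a small Python triage helper that applies signs 3 and 4 from the list above to a raw message: it flags a sender domain that borrows a trusted brand name, a link whose visible text names a different host than the real target, and an attachment with one of the extensions named above. The trusted-domain list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: domains the company and its vendors legitimately send from.
TRUSTED_DOMAINS = {"microsoft.com", "example.com"}
# Extensions the article calls out as risky when they arrive unexpectedly.
RISKY_EXTENSIONS = (".exe", ".zip", ".scr")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

def _host(url):
    """Lower-cased hostname of a URL or bare domain ('' if none)."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def triage(raw_message):
    """Return the red flags (signs 3 and 4 above) found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    # Sign 3: a domain that borrows a trusted brand name but is not that domain
    # or a sub-domain of it, e.g. "microsoft-support.com" vs "microsoft.com".
    for trusted in TRUSTED_DOMAINS:
        legit = sender_domain == trusted or sender_domain.endswith("." + trusted)
        if trusted.split(".")[0] in sender_domain and not legit:
            flags.append(f"lookalike sender domain {sender_domain!r} resembles {trusted!r}")
    for part in msg.walk():
        # Sign 4: the visible link text shows one host but the href goes elsewhere.
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in ANCHOR.findall(html):
                shown = re.sub(r"<[^>]+>", "", text).strip()
                if URLISH.match(shown) and _host(shown) != _host(href):
                    flags.append(f"link shows {_host(shown)!r} but points to {_host(href)!r}")
        # Sign 4: an attachment with an extension the article warns about.
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            flags.append(f"risky attachment {filename!r}")
    return flags

# Constructed sample exhibiting signs 3 and 4; not a real message.
SAMPLE = """\
From: Microsoft Account Team <security@microsoft-support.com>
Content-Type: text/html

<p>Click <a href="http://login.microsoft-support.com/reset">https://account.microsoft.com/reset</a></p>
"""
if __name__ == "__main__": print(*triage(SAMPLE), sep="\n")
```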


Do not respond to a malicious email message


If you are ever suspicious about a message in your inbox, it's best to avoid sending a response. By responding, you are letting the scammer know that they are dealing with an active email address. This can prompt them to continue trying to scam you in the future.



Develop a habit of treating every email you receive (whether an internal email from a coworker or an external one) as suspicious. More than likely, you can avoid potential problems by navigating your inbox this way.



Reference: