Despite effective filtering, scam and phishing messages can end up in the M365 service’s mailbox. Therefore, it is appropriate to learn how to distinguish cheating messages from proper mail.
The Junk Email folder is worth checking and emptying on a regular basis. It can end up with proper email, especially if the message comes from outside the university. Similarly, spam and phishing messages can also end up in the Inbox. In these situations, use the Outlook report function to send incorrectly filtered message information to Microsoft. This will help Microsoft develop more accurate automatic filtering.
Contents of this instruction:
- How to identify suspicious messages
- Report spam or phishing in Outlook
- Do this if you fell for a scam
- How to protect yourself from getting scammed
How to identify suspicious messages
As a good checklist with suspicious emails, you should check:
- Does the email address and sender name match
- Is there a reference to a commonly known service in the message (Microsoft365, Office365, Windows)
- Urgency, “Threatening” tone: Act now or …
- Ambivalent, non-organizational signatures (Confidentiality signatures are common)
- Attachments
- Pretending to be a person/ICT services
- Login pages
If the contents of the incoming mail are suspect and the message mentions, for example, a foreman or HR services, you can also verify the relevance of the message by approaching the said party.
However, do not continue to send a potential scam message, but verify the validity by asking at the title or content level. You can also take a screenshot of an email with the Windows button + shift + s (win+shift+s) or MacOS on Shift + Command + 4 and paste it instead of the message and its possible links.
Report spam or phishing in Outlook
When you interpret a message in the Inbox folder as spam or a phishing message, take advantage of the Report function in Outlook. Similarly, you can report any relevant mail that ended up in the Junk Email folder. Based on the reporting, Microsoft is developing the filtering to be more accurate. Reporting is possible in all versions of M365 Outlook, although the names of commands vary between older and newer versions.
- In the folder view, right-click the message
- Select Report or Spam from the menu that opens (command depends on the version of Outlook you are using):
-
- In newer versions, select Report and continue to select:
- Report Phishing or
- Report junk or
- Not junk
- In older versions, select Junk and select further:
- Report as Junk or
- Report Phishing or
- Not junk
- In newer versions, select Report and continue to select:
If you reported a message as junk or phishing, it is moved to the Junk Email folder or if you reported an Inbox filtered message as appropriate, it is moved to Junk Email. You may choose to provide a copy of the message to Microsoft for analysis.
Do this if you fell for a scam
Phishing message or login portal
If you accidentally reply to a phishing message or log in to the login portal behind the link in the message with your university username, follow these steps:
- Change your password immediately
- Report the incident to tietosuoja@oulu.fi
- If the phishing message pretended to be somebody, they should be informed that the attackers are posing as representatives of the organization.
- Take a closer look at the ways how you can identify a phishing attack in the future. Typos, suspicious links, and requests for sensitive information can be a sign of phishing. By identifying the tactics most commonly used by attackers, you will be able to avoid becoming a victim of a phishing scam in the future.
Attachments
If you have opened the attachment of the suspicious message:
- Stop using the computer immediately!
- In the case of a computer maintained by the university, its use should not be continued and any transfer of files should be done with a person from the ICT Services. Possible file rescue is done by making sure that the machine has no connection to the organization’s data network or the Internet.
- If the computer maintained by the university has a malware detection or malware suspicion due to an opened file, the computer must be reinstalled by ICT Services.
- ICT Services provide staff with a replacement machine for the duration of re-installation.
Report a scam site to the National Cyber Security Centre
Report a security breach to the Cyber Security Centre for a suspicious message or website: Report to us | NCSC-FI (kyberturvallisuuskeskus.fi)
By reporting, you promote the removal of scam sites from the internet.
How to protect yourself from getting scammed
Read the guidelines of the Cybersecurity Centre: How to protect yourself against online scams | NCSC-FI (kyberturvallisuuskeskus.fi).
Get answers to the following questions:
- How do you recognize an online scammer?
- How do you protect yourself from cheating?
- Do this if you were scammed.