New Exchange Online feature helps prevent phishing, spoofing
Last modified: Mar 20, 2025, 1:42 p.m.
From: Division of Information Technology
On April 7, the Division of IT will enable the First Contact Safety Tip feature in Exchange Online. This feature displays a safety tip beneath the ‘To:’ field in Outlook (desktop, web app, or mobile) under certain conditions, including:
- The first time you get a message from a sender
- When a message is from a sender you rarely get messages from
Depending on the number of recipients in the message, the First Contact banner will be one of the following:
“You don't often get email from <email address>”

“Some people who received this message don't often get email from <email address>”

This feature adds extra protection against phishing and impersonation attacks.
When you see the First Contact banner, you can click on the sender’s name in the message and review their details to confirm legitimacy before responding. Look for the items below (more information can be found in the links provided at the end of this message):
- Check the email address: Look closely at the sender's email address. Often, phishing emails will use addresses that look like legitimate ones but have slight differences, like extra characters or misspellings.
- Verify the domain: Check the domain part of the email address (the part after the @ symbol). Make sure it matches the official domain of the organization the sender claims to be from. For example, an email from someone at Virginia Tech should come from @vt.edu, not @vt-support.edu.
- Look for personalization: Legitimate emails from companies you have accounts with will often include your name or other personal information. Generic greetings like "Dear Customer" can be a red flag.
- Check spelling and grammar: Many phishing emails contain spelling and grammatical errors. Legitimate companies usually have professional communication standards.
- Examine the email content: Be wary of emails that create a sense of urgency or ask for personal information. Legitimate companies will not ask for sensitive information via email.
If you determine an email is fraudulent, do not respond or click on any links. Simply report it to Microsoft.
Where can I find more information?
- The IT Security Office has some great training available at "LinkedIn Learning Training | IT Security Office | Virginia Tech". We recommend you check out "Avoiding phishing scams | LinkedIn Learning".
- You can also request access to their Interactive Phishing Awareness Training.
- These articles are some great resources as well
If you suspect that your email account has been compromised, please call 4Help for immediate assistance at 540-231-4357.