How to report on suspicious emails in Office 365 - Part 1 (2024)

How to report on suspicious emails in Office 365 – Part 1

Microsoft 365

How to report on suspicious emails in Office 365 - Part 1 (1)

Post author:Written By Tony AkersPost published:January 25, 20195 Comments

Phishing attacks happen to every company across the globe daily. Whether you have 10 or 100,000 users, they will still receive junk, spam and phishing emails. The Anti-Phishing Working Group 2nd Quarter Phishing Report of 2018 portrayed a 46% increase in detected phishing sites from January to March 2018. It is inevitable that phishing attacks will proceed to increase in the future. In this article, we will discuss how to deploy the Microsoft Report Message add-in to allow your end-users to assist in reporting of phishing emails to Microsoft EOP, Exchange Admins and your Security Officers.

Phishing email attacks

A phishing email is a fraudulent attempt to gain information such as your username, password or credit card information. A user receives an email that looks legitimate with the intention of the user clicking on the malicious URL that will look almost identical to a regular Office 365 login page. If the user enters their username and password, the attacker stores this information in their database for later use. They now have full access to your Office 365 account or other platforms unless you have additional security in place such as Multi-Factor Authentication (MFA).

Below are examples of one legitimate and one phishing email which we have received. Can you guess which one is which?

How to report on suspicious emails in Office 365 - Part 1 (2)
How to report on suspicious emails in Office 365 - Part 1 (3)

You probably guessed the first email is the phishing one. Here are some key indicators on how to determine if it’s a phishing email:

  • Verify the sending email address: do you know this person or not? In the first email, we see the sending address is “Office Alerts <alert@officeresponse.com>”. This is not a Microsoft email address if you’re unsure I would advise checking online. The second email shows the address being “Office365alerts@microsoft.com” which appears legitimate because it is an actual email address from Microsoft.
  • Examine the email for grammar errors: In the first email, you can see the word Authenticate has an underline that is not proportioned correctly. Other indicators are to check the salutation. Is it your name, or Customer or Colleague? Most legitimate users will email you with the correct salutation.
  • Preview the URL link address: hover your mouse of the link and examine the details that come up. Review this, but do not click the link. Does the URL look ok at first glance, or does it look suspicious?
How to report on suspicious emails in Office 365 - Part 1 (4)

When you hover your mouse over the link it will show you the details to the URL it will go to before clicking. The phishing email URL goes to http://u9118720.ct.sendgrid.net…. However, the email sender is supposed to be Microsoft. As well as looking at the sender, the link preview is the best way to determine if it’s going to a legitimate website or not. In the real email below, you will see https://protection.office.com in the second line which is the correct website to visit for looking at Microsoft alert messages.

How to report on suspicious emails in Office 365 - Part 1 (5)

If you are still suspicious, be cautiousand forward the message to your helpdesk, Exchange Administrator or Security Officerfor review. If you have a security team, they should be able to examine the URLthrough security tools or sandboxing the URL. If the URL is malicious theywould block the URL from being accessible from your network.

Microsoft Report Message Add-in

The Microsoft Report Message add-in helpsusers report Junk, Not Junk and Phishing emails natively from theOutlook client and Outlook on the web. The emails submitted to Microsoft areevaluated and relevant findings are then fed back into their detection andMachine Learning models. Messages are finally reclassified if needed andupdated in the Microsoft Spam filter databases across the globe.

Any message that is sent to Microsoft is evaluated at a network-wide level. By alerting Microsoft on these messages, it helps both you and all Office 365 customers across the globe improve their spam filtering. The Microsoft spam team will evaluate each submitted message for the from address, sending IP address, keywords, phrases, frequency, and other trends.

Did you know the Microsoft Spam team arereferred to as Spam Cops? At least this was the case in 2012 when this videowas released.

There are two methods of deploying the Report Message Add-in feature. The first being to individual accounts, and the second option for deploying across your tenant or to specific groups. The Report Message add-in works with your Office 365 subscription for the below products:

  • Outlook on the Web
  • Outlook 2013 SP1
  • Outlook 2016
  • Outlook 2016 for Mac
  • Outlook included with Office365 ProPlus.

If you have the above products you candeploy the Report Message Add-in to your account manually.

How to deploy the Microsoft Report Message Add-in to yourself

To deploy this yourself, complete the followingsteps:

  1. Visit Microsoft AppSource and click Sign in in the top-right corner.
How to report on suspicious emails in Office 365 - Part 1 (6)
  • Enter your account information and click Sign in
  • Search for th Report Message add-in
  • Select Report Message
How to report on suspicious emails in Office 365 - Part 1 (7)
  • Click Get It Now
  • Review the terms and conditionsand click Continue
How to report on suspicious emails in Office 365 - Part 1 (8)
  • Finally, click the Add button to start the installation
How to report on suspicious emails in Office 365 - Part 1 (9)

Once the installation of the Report Message Add-in is complete you can close and reopen Outlook. At the top of the menu bar in Outlook and in each email message you will see the Report Message add-in. You can then click the Report Message drop-down and specify if the message is Not Junk, Junk or Phishing.

How to report on suspicious emails in Office 365 - Part 1 (10)

Let’s review the options of the ReportMessage Add-in. Select the ReportMessage Add-in in the drop-down and select Options. There will be three options available:

  1. Ask me before sending a report
  2. Automatically send reports
  3. Never Send Reports

The recommended option here is the default Ask me before sending a report toremove any inaccurate submissions from users and to confirm the user wants toreport a message to Microsoft, after you’ve completed this click Save.

How to report on suspicious emails in Office 365 - Part 1 (11)

When a user now selects to report amessage, they will be prompted if they are sure they want to report themessage.

How to report on suspicious emails in Office 365 - Part 1 (12)

Now that we have covered the basics of phishing threats, detection tips, and walked through how to deploy the add-in for yourself, in part two of this blog series, I will talk you through how to deploy the Microsoft Report Message Add-in via Centralized Deployment in your Office 365 tenant.

Tags: Outlook, phishing attacks, Report Message Add-in

About the Author

Tony Akers

    About the Author

    Tony Akers has been working with email technologies since the Exchange 5.0 days for the last 18 years. He enjoys learning the ins and outs of Exchange & O365 and is currently diving into the Cyber-Security realm. Connect with Tony on Linkedin & Twitter.

    Comments

    1. How to report on suspicious emails in Office 365 - Part 1 (14)

      dns718 17 Oct 2019Reply

      Typical Microsoft logic that would leave this button as an option, and evidently doesn’t even exist for the Mac client Outlook. Where is the legacy email address simply to forward these suspicious emails directly to Outlook? Why require an add-in at all?

    2. How to report on suspicious emails in Office 365 - Part 1 (16)

      Yuriy K. 24 Jul 2019Reply

      Hi Tony,
      Great article; thank you! I’ve always wondered what are the differences between Outlook’s Junk Email feature and the O365 Report Message function? What should end-users be relying on?

    3. How to report on suspicious emails in Office 365 - Part 1 (17)

      Ludovic Jakubec 25 Jan 2019Reply

      Microsoft indicates it in one of its documentation, they receive so much information every day from users that they are not able to process them all.

    4. How to report on suspicious emails in Office 365 - Part 1 (18)

      Oleg K 25 Jan 2019Reply

      This add-in should be included by default. As i didn’t know about it, we were using reporting button in OWA (Office 365). Although, after reporting same type of messages like 10 times for a few weeks and still receiving them i had to create a mail flow rule. MS should act faster on repots.

    Leave a Reply

    How to report on suspicious emails in Office 365 - Part 1 (2024)
    Top Articles
    Latest Posts
    Article information

    Author: Fr. Dewey Fisher

    Last Updated:

    Views: 5603

    Rating: 4.1 / 5 (62 voted)

    Reviews: 93% of readers found this page helpful

    Author information

    Name: Fr. Dewey Fisher

    Birthday: 1993-03-26

    Address: 917 Hyun Views, Rogahnmouth, KY 91013-8827

    Phone: +5938540192553

    Job: Administration Developer

    Hobby: Embroidery, Horseback riding, Juggling, Urban exploration, Skiing, Cycling, Handball

    Introduction: My name is Fr. Dewey Fisher, I am a powerful, open, faithful, combative, spotless, faithful, fair person who loves writing and wants to share my knowledge and understanding with you.