Solved

Help deciding on phishing message when it's from a reliable source Outlook 2010

Posted on 2016-07-20
4
60 Views
Last Modified: 2016-07-21
We have been receiving this message from emails of people that we trust.  They are professionals that we assume they will not place any spam or spyware in emails the sent us.  That said, the message is: "this might be a phishing message and is potentially unsafe ... outlook blocked... unsafe attachments" (see pix below)

phishing
Question:

How can we determine if their email is safe (beside calling them)?
0
Comment
Question by:rayluvs
  • 2
4 Comments
 
LVL 10

Expert Comment

by:Clark Kent
ID: 41722178
Hello

You can refer to the following kb article which discusses the same issue faced by you.

https://support.office.com/en-us/article/Enable-or-disable-links-and-functionality-in-phishing-email-messages-f157f978-c8ed-410b-a9e3-a15a3e65cbf3

Hope this resolves your problem.


Thanks & Regards
Clark Kent
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41722952
We may trust the user by themselves but not the machine itself totally as the email can still be from their (compromised) account or machine is infected and unknown to the sender. For assurance check, the attachment can be send out to Virustotal online (https://www.virustotal.com/) to scan. There’ is no foolproof way to know for sure whether a file is actually a false positive.

We can do best to gather evidence for e.g. indicator compromise from
a) Scan using other antivirus scanner,
b) Check the email header (using "Message Header Analyzer" -https://technet.microsoft.com/library/dn133083(v=exchg.80).aspx) whether from any unknown email relay,
c) Check sender’s domain if it has Sender Policy Framework (SPF) record configured/set up in the domain’s registrar - email as potential fraud since it was forwarded from 3rd party IPs.

Before making our best guess on the email trustworthiness, you may also consider preventive measures setup early to
- Block email spam using spam filter block lists
- Block bulk mail with transport rules or the spam filter
- Block IP addresses with a connection filter (check
- Avoid false negatives and junk mail by telling your sender to add the spam sender address to their blocked sender list in Outlook or Outlook Web App. Likewise, you can tell them to add sender addresses to their safe sender list.
- Good to ask sender to send signed or even encrypted email and that will really help your future verification of their emails https://www.signfiles.com/manuals/DigitalSignatureEncryptionOutlook.pdf
0
 

Author Comment

by:rayluvs
ID: 41723075
btan, u always give more than expected!! Thanx!!
0
 
LVL 62

Expert Comment

by:btan
ID: 41723261
thanks for sharing
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outlook Free & Paid Tools
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now