Solved

Help deciding on phishing message when it's from a reliable source Outlook 2010

Posted on 2016-07-20
4
66 Views
Last Modified: 2016-07-21
We have been receiving this message from emails of people that we trust.  They are professionals that we assume they will not place any spam or spyware in emails the sent us.  That said, the message is: "this might be a phishing message and is potentially unsafe ... outlook blocked... unsafe attachments" (see pix below)

phishing
Question:

How can we determine if their email is safe (beside calling them)?
0
Comment
Question by:rayluvs
  • 2
4 Comments
 
LVL 10

Expert Comment

by:Clark Kent
ID: 41722178
Hello

You can refer to the following kb article which discusses the same issue faced by you.

https://support.office.com/en-us/article/Enable-or-disable-links-and-functionality-in-phishing-email-messages-f157f978-c8ed-410b-a9e3-a15a3e65cbf3

Hope this resolves your problem.


Thanks & Regards
Clark Kent
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41722952
We may trust the user by themselves but not the machine itself totally as the email can still be from their (compromised) account or machine is infected and unknown to the sender. For assurance check, the attachment can be send out to Virustotal online (https://www.virustotal.com/) to scan. There’ is no foolproof way to know for sure whether a file is actually a false positive.

We can do best to gather evidence for e.g. indicator compromise from
a) Scan using other antivirus scanner,
b) Check the email header (using "Message Header Analyzer" -https://technet.microsoft.com/library/dn133083(v=exchg.80).aspx) whether from any unknown email relay,
c) Check sender’s domain if it has Sender Policy Framework (SPF) record configured/set up in the domain’s registrar - email as potential fraud since it was forwarded from 3rd party IPs.

Before making our best guess on the email trustworthiness, you may also consider preventive measures setup early to
- Block email spam using spam filter block lists
- Block bulk mail with transport rules or the spam filter
- Block IP addresses with a connection filter (check
- Avoid false negatives and junk mail by telling your sender to add the spam sender address to their blocked sender list in Outlook or Outlook Web App. Likewise, you can tell them to add sender addresses to their safe sender list.
- Good to ask sender to send signed or even encrypted email and that will really help your future verification of their emails https://www.signfiles.com/manuals/DigitalSignatureEncryptionOutlook.pdf
0
 

Author Comment

by:rayluvs
ID: 41723075
btan, u always give more than expected!! Thanx!!
0
 
LVL 62

Expert Comment

by:btan
ID: 41723261
thanks for sharing
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question