Identifying phishing, spam, and junk emails is crucial for protecting your personal information and devices. Here’s a guide on how to spot them and deal with them.
Table of Contents
- Learning the Signs of Phishing Emails
- Identifying Spam and Junk
- How to Defend Against Phishing, Spam, and Junk
Learning the Signs of Phishing Emails
At first glance
- Phishing emails often come from addresses that look very similar to those of legitimate persons or organizations. These can include several variations of the genuine address.
For example, support@micros0ft.com instead of support@microsoft.com
Pictured below is a perfect example of what seems to be an email from Microsoft but can be identified as illegitimate through these red flags.
- Look for common spelling mistakes in the emails. In this example, "Office 365" is spelled as "Offlce".
- The "To" field contains multiple recipients, which appear to be random addresses. Corporate messages are normally sent directly to individual recipients.
- Also, be aware of generic greetings. Rather than addressing you by your name, they might say a variation such as "Dear Valued Member/Customer/Client".
Urgency
- Phishing emails often give the user a sense of danger and urgency (e.g., "Your account will be locked in 24 hours!" or "Immediate action required!").
Suspicious Links and Attachments
- Phishing emails also often require clicking a link to proceed.
(In the example above, you can see that this link also has Microsoft misspelled. Besides the spelling mistake, the link is also unrelated to the email subject of "Mailbox space.")
- Hover over links (don’t click) to see if the URL looks legitimate. This will often reveal the real link address if the link is being spoofed. Malicious links often look strange or unfamiliar.

Example when hovering over a link that does not match
- If an email claims to be from a specific company/organization, the URL should contain a match to the company's official website.
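The sender and link checks described above can also be automated on the mail-filtering side. The following is an added example, not part of the original guide or of any Field Effect or Microsoft tooling: it flags a sender or link domain that imitates a trusted one through digit-for-letter swaps, and a link whose visible text names a different domain than its real target. The allow-list, the swap table, and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com"}            # assumed allow-list of genuine domains
SWAPS = str.maketrans("0135", "oles")  # assumed digit-for-letter swaps to undo

def registered_domain(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(domain):
    """True when an untrusted domain equals a trusted one once digit swaps are undone."""
    return domain not in TRUSTED and domain.translate(SWAPS) in TRUSTED

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(sender, html_body):
    """Return a list of human-readable red flags for one message."""
    findings = []
    sender_dom = registered_domain(sender.rsplit("@", 1)[-1])
    if is_lookalike(sender_dom):
        findings.append(f"sender domain {sender_dom} imitates a trusted domain")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        target = registered_domain(urlparse(href).hostname or "")
        if is_lookalike(target):
            findings.append(f"link target {target} imitates a trusted domain")
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and registered_domain(shown.group(1)) != target:
            findings.append(f"link text shows {shown.group(1)} but goes to {target}")
    return findings

# Constructed sample message; the link host and path are made up for illustration.
SAMPLE_SENDER = "support@micros0ft.com"
SAMPLE_BODY = '<a href="http://login.micros0ft.com/verify">https://www.microsoft.com/account</a>'
```

Calling `check_email(SAMPLE_SENDER, SAMPLE_BODY)` returns three findings: the lookalike sender, the lookalike link target, and the mismatch between the displayed and real link domains.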
Language
- Another giveaway is the language used in the emails. Many phishing emails are poorly written and contain spelling/grammar errors. Authentic corporate communications are less likely to have typographical mistakes or inaccurate information.
(In the example above, nomenclature such as "10 gig" is typically not used in a professional context; rather, "10 GB" would be more common.)
Unusual Requests
- Legitimate companies do not normally ask for personal or sensitive information via email. (Information such as passwords, financial information, SIN numbers.)
Identifying Spam & Junk
Similarly to phishing emails, the steps above can also be followed when identifying spam and junk emails.
These indicators include:
- Unfamiliar senders
- Suspicious attachments or links
- Sense of danger or urgency
- Poor language, grammar, and spelling
- Requests for personal, banking, and/or other sensitive information
In addition to these indicators, Spam and Junk might also contain:
- Promotional content that is typically too good to be true (e.g., winning gift cards, electronics, vacations, etc.)
- Unwanted subscriptions or services you have not enrolled in (e.g., streaming services you have never used or banks you do not have accounts with)
How to Defend Against Phishing, Spam, and Junk Using Your Email Client
Microsoft 365
When using Microsoft 365 with Exchange mailboxes, Outlook users can report phishing and suspicious emails with built-in Outlook tools or the integrated Field Effect SEAS (Suspicious Email Analysis Service) Add-in.
This tool empowers users to swiftly flag and send suspicious emails directly to our security team from their Outlook inbox, streamlining our threat detection and response processes and enabling quicker action on potential security issues.
Using the built-in Outlook Reporting System
- With the email selected, click on the "More Actions" button located on the top right of the email
- When the drop-down menu appears, go to the report section
- Choose the appropriate category for the email
Reported as junk: The messages are sent to the reporting mailbox and/or Microsoft and moved to the Junk Email folder.
Reported as phishing: The messages are sent to the reporting mailbox and/or Microsoft and then deleted.
Conversely, if you believe an email has been falsely flagged as junk, you can mark it as "not junk."
Using the Field Effect SEAS Tool
If you are unsure if the email is safe or malicious, use the Field Effect SEAS tool. This tool allows users to submit potential phishing, malicious, and suspicious emails for analysis by cyber security experts.
The SEAS support tool can be used for:
- Determining email safety
If you need help identifying whether an email is safe or potentially malicious
- Addressing unsafe actions
If you accidentally take an unsafe action on an email and later realize it was malicious
(Please note that while the SEAS tool serves primarily as a support feature, if you are certain that an email is malicious, it is recommended to use the Outlook reporting feature instead for a more effective solution.)
How to use Field Effect SEAS
- With the email selected, find and click on the Field Effect logo
- The Field Effect SEAS menu will appear to the right
- To help our analysts better understand and respond to the email's potential threats, fill out the SEAS submission form and click Submit
- An analyst will review the submission for potential threats
Google Workspace
Google Workspace Gmail users are equipped with robust tools for proactive threat response.
By using either Gmail's built-in reporting or the integrated Field Effect SEAS, users can quickly flag and submit suspicious emails, enabling fast security team analysis and quicker threat response.
Using the built-in Gmail reporting system
- Select the email and navigate to the "More" button located at the top right of the message
- In the drop-down menu, locate the report options
- Select the appropriate option for the email
Reported as Spam: The email is moved from your inbox to the "Spam" folder. When reported, this contributes to Gmail's algorithm, which will filter out more spam emails in the future. These emails are also deleted after 30 days.
Reported as Phishing: Gmail's systems analyze the reported email, examining its content, links, and sender information. Often, in conjunction with reporting phishing emails, the email will also be moved to the spam folder and deleted after 30 days.
Using the Field Effect SEAS Tool
If you are unsure if the email is safe or malicious, use the Field Effect SEAS tool. This tool allows users to submit potential phishing, malicious, and suspicious emails for analysis by cyber security experts.
The SEAS support tool can be used for:
- Determining email safety
If you need help identifying whether an email is safe or potentially malicious
- Addressing unsafe actions
If you accidentally take an unsafe action on an email and later realize it was malicious
(Please note that while the SEAS tool serves primarily as a support feature, if you are certain that an email is malicious, it is recommended to use the built-in Gmail reporting feature instead for a more effective solution.)
How to use Field Effect SEAS
- With the email selected, find and click on the Field Effect logo
- The Field Effect SEAS menu will appear to the right
- To help our analysts better understand and respond to the email's potential threats, fill out the SEAS submission form and click Submit
- An analyst will review the submission for potential threats
Stay safe & vigilant!