How to tell if an email is malicious or genuine

Identifying malicious and spamming emails

As malicious and spamming emails become more and more convincing, it becomes harder to distinguish them from other emails. However, if you receive any email asking you to log in or requesting personal information, you should conduct the following checks (if you are on a smartphone, wait until you can check the email on a computer before continuing).

Identifying genuine emails

In Outlook for Windows, click on an email to select it and select 'View Headers' in the 'Home' tab. You can see the same in the web version by right-clicking on an email and selecting 'View message details'. You may need to select the 'Other' tab to see the following, or you may just need to scroll down. Emails that have legitimately been sent from staff and PGRs from their University Outlook account will have the following attributes:

X-MS-Exchange-Organization-SCL = -1

X-MS-Exchange-Organization-MessageDirectionality = Originating

X-MS-Exchange-Organization-AuthAs = Internal

If any of the above are missing or different, you should verify the identity of the sender by some means other than replying to the email.
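The same check can be run over headers copied out of 'View Headers' or 'View message details'. The script below is an added example, not part of the original guidance; the function names and both sample messages are constructed for illustration, and it reports each of the three attributes that is missing, repeated or different.

```python
from email import message_from_string

# The three attributes and values listed above for mail sent from a
# University Outlook account.
EXPECTED = {
    "X-MS-Exchange-Organization-SCL": "-1",
    "X-MS-Exchange-Organization-MessageDirectionality": "Originating",
    "X-MS-Exchange-Organization-AuthAs": "Internal",
}

def check_internal_headers(raw_headers):
    """Return {header name: problem} for every attribute that fails the check."""
    # Only the header block (text before the first blank line) is parsed, so
    # the same strings appearing in the message body are never counted.
    msg = message_from_string(raw_headers)
    problems = {}
    for name, expected in EXPECTED.items():
        values = [str(v).strip() for v in msg.get_all(name, [])]  # name match is case-insensitive
        if not values:
            problems[name] = "missing"
        elif len(values) > 1:
            problems[name] = "appears %d times" % len(values)
        elif values[0] != expected:
            problems[name] = "is %r, expected %r" % (values[0], expected)
    return problems

def looks_internal(raw_headers):
    """True only when all three attributes are present once with the expected value."""
    return not check_internal_headers(raw_headers)

# Constructed sample headers (not taken from real messages).
INTERNAL_SAMPLE = """\
From: A Colleague <a.colleague@university.example>
Subject: Meeting notes
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-AuthAs: Internal

See attached.
"""

EXTERNAL_SAMPLE = """\
From: IT Service Desk <helpdesk@mail.example.net>
Subject: Password expiry
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Organization-AuthAs: Anonymous

X-MS-Exchange-Organization-SCL: -1
"""

if __name__ == "__main__":
    for label, sample in (("internal", INTERNAL_SAMPLE), ("external", EXTERNAL_SAMPLE)):
        print(label, looks_internal(sample), check_internal_headers(sample))
```

A message that fails this check is not necessarily malicious; as above, it means the sender should be verified by some means other than replying.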

What to do if you see a spam or phishing email

The best thing users can do is be aware of the different types of threat (see below) and use the Outlook 'Junk' option. As Outlook 'learns' this, it will apply the rule across the University, helping to prevent similar messages from getting through. (Please only use the Outlook 'Junk' and 'Phishing' options for emails that are genuine spam.)

If you identify a spam or phishing email: In Outlook for Windows, right-click on an email and select 'Junk' then choose either 'Report as junk' or 'Report as phishing'. In the web version, tick the box to select the email and then choose 'Junk' or 'Phishing' from the top menu.

What to do if you opened a possibly malicious attachment or were “phished”.

What to do for ongoing protection