junk

The Report Message add-in works with Outlook to allow you to report suspicious messages to Microsoft and manage how your Microsoft 365 email account treats these messages.

Messages marked as junk by your Microsoft 365 email account are automatically moved to your Junk Email folder. However, spammers and phishing attempts are continually evolving. If you receive a junk email in your Inbox, you can use the Report Message add-in to send the message to Microsoft, helping improve spam filters. If you find an email in your Junk Email folder that is not spam, you can use the add-in to mark it as legitimate, move it to your Inbox, and report the false positive to help Microsoft enhance the filters.

What is Junk Email?

Junk email, often referred to as spam, consists of messages you do not want to receive. These emails may advertise unwanted products or contain content that is offensive. If you select the Junk option, a copy of the message may be sent to Microsoft to improve spam filters, and the message will be moved to your Junk Email folder.

What is Phishing?

Phishing is a tactic used to trick you into disclosing personal information, such as bank account numbers and passwords. Phishing messages often appear legitimate but contain deceptive links that lead to fake websites. If you select Phishing, a copy of the message may be sent to Microsoft to improve filters, and the message will be moved to your Junk Email folder.

For more information and tips on spotting phishing emails, please refer to the following support article:

How to Spot a Phishing Scam

Microsoft has recently updated the process for reporting phishing or junk emails in Microsoft 365 Outlook and classic Outlook clients. With this update, a new Report Message button is now available in a dedicated tab within the Outlook client.

Reporting a Message as Phishing/Junk

By default, the Report button is inactive (grayed out). To activate the button and report a message as phishing or junk, the email must first be highlighted.

To report a message as Phishing or Junk:

1. Click on the email message you want to report
2. Click the “Report” button
3. Select either “Report phishing” or “Report junk” to properly submit the message

4. Click “OK” on the confirmation window

A secondary window will appear, explaining that regularly reporting junk emails helps improve junk email filtering in the future.

What is a Legitimate Email?

A legitimate email is one that comes from a sender you know, are expecting, or that has been mistakenly marked as junk. If this happens, you can use the Report button to mark the message as Not Junk. This will move the message from your Junk Email folder back to your Inbox.

Reporting Messages as Not Junk:

1. Click on the “Junk Email” folder in Outlook
2. Select the email message you want to report as “Not Junk“
3. Click the “Report” button
4. Select “Not Junk” to properly report the message

What is a phishing scam?

Phishing refers to the act of using a fraudulent identity and scenario to extract personal information or something else of value. Although phishing scams can occur over various mediums including text messages, phone calls, and social media, they are most frequently carried out via email.

Scammers have many means of acquiring bulk email addresses. Receiving a phishing attempt does not mean that your account has been singled out or has been compromised in any way.

Fairleigh Dickinson University’s email accounts employ Microsoft’s Advanced Threat Protection (ATP) which, in addition to traditional spam filtering, removes malware infected attachments and utilizes Safelinks to scan messages for malicious links. Additionally, we have appended the subject line of messages coming from outside of the FDU domain with the “[External]” tag. Although phishing can occasionally come from inside of our domain, messages with the external tag demand extra scrutiny.

Despite all of these efforts, keeping up with the latest scams is always a cat and mouse game. It is best practice to have a solid foundational knowledge of how these scams work.

Detecting a Phishing Scam

Although each phishing scam is unique, there are certain common traits which can serve as red flags. The most common “tell” is a sense of urgency. Generally, phishers would like for you to act promptly and without careful consideration. As a result, they will pepper their email with phrases such as “immediate action required” and “to avoid the immediate suspension of your account”.

Although an urgent tone is likely to be your first clue, there are plenty of other red flags that you will begin to notice over time. Many phishing attempts are poorly constructed emails. Incorrect spelling and grammatical errors are common. The message could contain a blank subject line and the sender’s signature may only list their title instead of their name. Be wary of messages in which the quality of writing does not meet your expectations for the purported institution.

The goal of many scams is to make a request for your personal information. This can take the form of bluntly asking for your social security number. However, it may also take a subtler approach. Many phishing attempts will create a mock version of a University, banking institution, or commerce website and ask you to log in. Once you enter your account information, the scammers have acquired your password.

Although most phishing scams cast a wide net, some recent attacks have specifically targeted individual members of the University. If someone is claiming to be your colleague or supervisor, check to confirm that the message is coming from their FDU account. Do not trust messages claiming to be from FDU employees which originate from external accounts such as Gmail and Yahoo.

Many of these personalized scams also have a very specific common thread. After a bit of conversation, the scammer will request that you purchase gift cards for common services such as iTunes, Google Play, or Amazon. No, your boss does not urgently require you to purchase gift cards out of pocket.

Also, beware of solicitations coming to your FDU email address from businesses offering deals or asking you to click on a banner to receive a promotion. Make sure that the email is coming from the domain of the company offering the sale or promotion.

What does a phishing scam look like?

Now that you know what to look for, let’s look at a sample phishing attempt:

Reporting a Phishing Scam

You can use your newfound expertise to assist the FDU community. When you see a message that you believe to be a phishing scam, please report it to us. Via Outlook this can be accomplished via our reporting tool. Please see Reporting Phishing or Junk Emails for more information. If you are using an alternative mail client such as Apple Mail, you can forward the suspected scam to phishing@fdu.edu.

How should I proceed if I have already replied to a Phishing Scam?

Please change any passwords that you have provided to the scammer. Once this is completed, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) for further instructions.