To maintain a secure and productive Microsoft Teams experience at Fairleigh Dickinson University, it’s important to understand how to manage external communication requests, recognize brand impersonation attempts, and report suspicious content. This guide offers clear, step-by-step instructions to help you stay secure while using Teams.

Managing Incoming Requests from External Users

To ensure your Teams environment remains secure, review and manage requests from individuals outside of FDU before accepting any communication.

Steps to Manage External User Requests:

1. Initial Notification: When someone outside FDU tries to initiate a chat, you will receive a notification indicating they are external to your organization

2. Review the Request: Examine the name and any provided details. Be cautious of unfamiliar or suspicious names
3. Choose an Action:
   • Click “Accept” if you recognize the individual and have a valid reason to communicate
   • Click “Block” if the person is unfamiliar or seems suspicious. Blocking prevents further contact

Protecting Against Brand Impersonation in Teams Chat

Microsoft Teams now detects potential brand impersonation attempts automatically. This feature alerts you if an external user’s message seems suspicious.

Steps to Protect Yourself:

1. First Message Analysis: Teams evaluates the external user’s name and email for impersonation risks
2. High-Risk Alert: If a potential threat is detected, Teams will display a prominent warning with one or more of the following:
   • The sender’s name or email resembles a known FDU entity
   • No previous communication history with the sender
   • The sender is outside your organization

3. Review the Message Content: Click “Preview their messages” and read the message carefully. Watch for urgent requests or unusual links/attachments
4. Second Warning (If Applicable): If you proceed to accept, Teams may display another warning about the associated risks

5. Make Your Decision: Use the alerts and message content to decide whether to continue the conversation

Reporting Suspicious Content

Reporting suspicious messages, calls, or users within Teams helps FDU’s security team manage potential threats effectively.

Reporting Messages from Internal User:

1. Hover Over the Message: Place your cursor over the suspicious message.
2. Click the “More options” (…) icon > More actions > Report this message.

1. In the dialog that opens, verify Security risk – Spam, phishing, malicious content is selected, then click “Report”

4. In the confirmation dialog, click “Close”

Reporting Messages from External Sender:

If you receive a suspicious message from an external sender (e.g., @outlook.com, @live.com), the “Report this message” option in Teams will not be available.

To report a suspicious message from an external source, you must create a SAMI support ticket:

1. Click “Get Support” button located at the bottom of this article
2. Create a support ticket and include all relevant details about the suspicious message

The Report Message add-in works with Outlook to allow you to report suspicious messages to Microsoft and manage how your Microsoft 365 email account treats these messages.

Messages marked as junk by your Microsoft 365 email account are automatically moved to your Junk Email folder. However, spammers and phishing attempts are continually evolving. If you receive a junk email in your Inbox, you can use the Report Message add-in to send the message to Microsoft, helping improve spam filters. If you find an email in your Junk Email folder that is not spam, you can use the add-in to mark it as legitimate, move it to your Inbox, and report the false positive to help Microsoft enhance the filters.

What is Junk Email?

Junk email, often referred to as spam, consists of messages you do not want to receive. These emails may advertise unwanted products or contain content that is offensive. If you select the Junk option, a copy of the message may be sent to Microsoft to improve spam filters, and the message will be moved to your Junk Email folder.

What is Phishing?

Phishing is a tactic used to trick you into disclosing personal information, such as bank account numbers and passwords. Phishing messages often appear legitimate but contain deceptive links that lead to fake websites. If you select Phishing, a copy of the message may be sent to Microsoft to improve filters, and the message will be moved to your Junk Email folder.

For more information and tips on spotting phishing emails, please refer to the following support article:

How to Spot a Phishing Scam

Microsoft has recently updated the process for reporting phishing or junk emails in Microsoft 365 Outlook and classic Outlook clients. With this update, a new Report Message button is now available in a dedicated tab within the Outlook client.

Reporting a Message as Phishing/Junk

By default, the Report button is inactive (grayed out). To activate the button and report a message as phishing or junk, the email must first be highlighted.

To report a message as Phishing or Junk:

1. Click on the email message you want to report
2. Click the “Report” button
3. Select either “Report phishing” or “Report junk” to properly submit the message

4. Click “OK” on the confirmation window

A secondary window will appear, explaining that regularly reporting junk emails helps improve junk email filtering in the future.

What is a Legitimate Email?

A legitimate email is one that comes from a sender you know, are expecting, or that has been mistakenly marked as junk. If this happens, you can use the Report button to mark the message as Not Junk. This will move the message from your Junk Email folder back to your Inbox.

Reporting Messages as Not Junk:

1. Click on the “Junk Email” folder in Outlook
2. Select the email message you want to report as “Not Junk“
3. Click the “Report” button
4. Select “Not Junk” to properly report the message