How the Outlook app on the PC helps protect you and your users from phishing emails

One of the greatest benefits of the Outlook app on PCs is that it helps protect you and your users from phishing attempts and scams.

There is actually a huge difference with viewing emails via the Outlook app on PC compared to viewing emails via the OWA web based email portal.

I recently received an email that at first glance looks quite legit when viewing in OWA.
No obvious grammar or spelling mistakes, the same or similar wording to emails that you would receive from Microsoft, as well as the same format and images you would receive from Microsoft with them warning of an 'Unusual Sign-in Attempt On Your Microsoft Office365'.

The hyperlinks look realistic until you hover your mouse to see the URL.
The URL preview shows a link that is definitely not related to Microsoft, but many users may still be tempted to click the link and report the 'unusual sign-in attempt'.

Although Microsoft did flag this as spam and send it to my Junk Email folder, many users could potentially click the link and unknowingly submit their Office 365 credentials, leading to potential credential and data theft.


The same email when viewed in the Outlook app on PC is displayed differently and is less convincing when viewed by end-users. The Outlook app automatically converts messages in the Junk Email folder into plain text format. This shows the underlying hyperlink URL and removes the very convincing images making it easier for users to identify that this is a phishing scam.

The Outlook app even disables the links to protect the end users. The end user has to manually move the message out of the Junk Email folder to enable the links.

As you can see, the Outlook app for PC will help protect your end users from potential data theft by making it easier to identify phishing emails.

Please feel free to share this post with your organisation to educate end users and reduce the potential of credential theft, data loss and even identity theft.


As an added note as part of writing this article, I submitted the email headers to the Message Analyzer section of the Microsoft Remote Connectivity Analyzer site. As you can see below, the headers expose the original sender was from - which is the mail server for a University in Poland.


Check out a list of ALL of my tutorials here - Link

No comments:

Post a Comment