How to stop phishing Email entering our organization mailbox


For the last 2 months, we have received a dozen Phishing emails a few of my end-user claim the downloaded the attached and I can confirm we have become the victim of the phishing emails.

My user have very basic computer skills most of them is an elder person so they didn’t even know how this thing works. You can see the below emails it’s very genuine even smart people can fall for these emails

I need two things here I want to prevent further phishing emails entering my organization user mailboxes and the next tough part is I need to educate my end users so that they should not fall for this scams


1 Like

If you are using paid email services, you may ask your service provider to block similar sources or else only way to do so is manual filtering as described below-

There are many reasons in today’s environment to be wary of email that seems in any way suspicious. Some email messages might be phishing scams; some might contain viruses and other malicious software. Files within the messages can contain inappropriate images and include web beacons, which can be used to secretly send a message back to the sender.

If an email looks suspicious, don’t risk your personal information by opening or responding to the message. Below are some suggested guidelines to help protect yourself against these threats when suspicious mail arrives within your mailbox:

  1. If you receive a phishing e-mail message, do not respond to it. Don’t open junk mail at all

First off, what is Phishing (pronounced “fishing”)? It is a type of online identity theft that uses e-mail and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data or other information. To protect yourself from phishing scams sent through e-mail, if an email looks suspicious, don’t risk your personal information by responding to it. Delete junk email messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk. Don’t reply to email unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.” Do not “unsubscribe” unless the mail is from a known or trusted sender. Use the junk mail tools in your e-mail program.

  1. Approach links in email messages with caution

Links in phishing email messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an email message unless you are sure of the real target address, URL, or a valid sender.

Most e-mail programs show you the real target address of a link when you hover the mouse over the link within the message.

Before you click a link, make sure to read the target address. If the email message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

Make sure that the spelling of words in the link matches what you expect. Spammers and scammers often use URLs with typos and transposed letters in them that are easy to overlook, such as “Retdail.”

  1. Approach images in e-mail with caution

Just as a beacon within the oceans transmits a message or data back to a source, images within email messages —also known as “web beacons” — can be used to secretly send a message back to the sender.

Spammers rely on information returned by these images to locate active e-mail addresses. Images can also contain harmful codes and can be used to deliver a spammer’s message in spite of filters.

The best defense against web beacons is to prevent pictures from downloading until you’ve had a chance to review the message. Most offline mail clients include these settings.

  1. Approach attachments in email messages with caution

Attachments might be viruses or spyware that download to your machine when you open the attachment file. If you don’t know whom the attachment is from or if you weren’t expecting it, DO NOT open the attachment.

  1. Don’t trust the sender information in an e-mail message

Even if the email message appears to come from a particular sender that you know and trust, use the same precautions that you would use with any other email message. Spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated or was sent from a different source. This is a common practice of spammers and is one of the hardest to combat as there may be legitimate reasons to spoof an address.

  1. Don’t trust offers that seem too good to be true

If a deal or offer in an email message looks too good to be true, it probably is. The best defense is to exercise your common sense when you read and respond to email messages.

  1. Report suspicious email

If you receive a suspicious email that looks like it came from a company that you know and trust, report the email to the faked or “spoofed” organization.

Contact the organization directly (not through the email you received) and ask for confirmation on the validity of the message. Or call the organization’s toll-free number and speak to a customer service representative.

  1. Don’t enter personal or financial information into pop-up windows

One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner as the “Cancel” button may not work as you’d expect it would.

  1. Don’t forward chain email messages

Not only do you lose control over who sees your email address making your address susceptible to attacks, but you also may be furthering a hoax or aiding in the delivery of a virus.

Additionally, there are reports that spammers start chain letters expressly to gather email addresses to spam. If you don’t know whether a message is a hoax or not, a site like can help you separate fact from fiction or a Google search of the message can help you determine the validity.

  1. Update your computer software including OS upgrades, patches, Anti-virus, etc.


If your end-users are falling victim to phishing emails, they need to go on a basic IT skills (the best ones which focus on security will be online). It is weird in this day that users are falling foul of these practices.

This is posted in the Office 365 category, but are they using O365? O365 will filter out a lot of trending phishing attacks. Emails containing malware or unsafe links will almost certainly be blocked.

I would recommend another layer of security such as local antivirus which scans email and a local security application which will protect them from being duped into clicking on a dodgy link. AVG is one such package that springs to mind.


Although Office 365 comes with a variety of anti-phishing features that are enabled by default, it’s possible that some phishing messages could still get through to your mailboxes. This topic describes what you can do to discover why a phishing message got through, and what you can do to adjust the anti-phishing settings in your Exchange Online organization without accidentally making things worse .

First things first: deal with any compromised accounts and make sure you block any more phishing messages from getting through

If a recipient’s account was compromised as a result of the phishing message, follow the steps in Responding to a compromised email account in Office 365.

If your subscription includes Advanced Threat Protection (ATP), you can use Office 365 Threat Intelligence to identify other users who also received the phishing message. You have additional options to block phishing messages:

Verify these ATP features are turned on.

Report the phishing message to Microsoft

Reporting phishing messages is helpful in tuning the filters that are used to protect all customers in Office 365.

Send the phishing message as an attachment in a new, otherwise empty message to Don’t just forward the original message; otherwise, we can’t examine the original message headers. Or, you can use the Report Message add-in in Outlook or Outlook on the web (formerly known as Outlook Web App).

For more information, see Submit spam, non-spam, and phishing scam messages to Microsoft for analysis.

Inspect the message headers

You can examine the headers of the phishing message to see if there’s anything that you can do yourself to prevent more phishing messages from coming through. In other words, examining the messages headers can help you identify any settings in your organization that were responsible for allowing the phishing messages in.

Specifically, you should check the X-Forefront-Antispam-Report header field in the message headers for indications of skipped spam or phish filtering in the Spam Filtering Verdict (SFV) value. Messages that skip filtering will have an entry of SCL:-1 , which means one of your settings allowed this message through by overriding the spam or phish verdicts that were determined by the service. For more details on how to get message headers and the complete list of all available anti-spam and anti-phish message headers, see Anti-spam message headers.

Best practices to stay protected

  • On a monthly basis, run Secure Score to assess your Office 365 organization’s security settings.
  • Periodically review the Spoof intelligence report and enable anti-spoofing protection in the anti-phishing policy to quarantine suspicious messages instead of delivering them to the user’s Junk Email folder.
  • Periodically review the Threat Protection Status report.
  • Some customers inadvertently allow phishing messages through by putting their own domains in the Allow sender or Allow domain list in anti-spam policies. If you choose to do this, you must use extreme caution. Although this configuration will allow some legitimate messages through, it will also allow malicious messages that would normally be blocked by the Office 365 spam and/or phish filters.The best way to deal with legitimate messages that are blocked by Office 365 (false positives) that involve senders in your domain is to fully and completely configure the SPF, DKIM, and DMARC records in DNS for all of your email domains in Office 365:
  • Whenever possible, we recommend that you deliver email for your domain directly to Office 365. In other words, point your Office 365 domain’s MX record to Office 365. Exchange Online Protection (EOP) is able to provide the best protection for your cloud users when their mail is delivered directly to Office 365. If you must use a third-party email hygiene system in front of EOP, ensure you have followed the guidance here.
  • Multi factor authentication (MFA) is a really good way to prevent compromised accounts. You should strongly consider enabling MFA for all of your users. For a phased approach, start by enabling MFA for your most sensitive users (admins, executives, etc.) before you enable MFA for everyone. For instructions, see Set up multi-factor authentication.
  • Forwarding rules to external recipients are often used by attackers to extract data. Use the Review mailbox forwarding rules information in Microsoft Secure Score to find and even prevent forwarding rules to external recipients. For more information, see Mitigating Client External Forwarding Rules with Secure Score.