Perpetrators use email as an attempt to steal your personal information. This page will define and help you identify different types of email security threats.
What is phishing?
Phishing is a form of theft where someone attempts to steal your sensitive personal information by pretending to be a trustworthy party in an electronic communication (usually by email). Phishing messages are designed to confuse you by making the messages look like they are from a trusted business, bank, government agency or even the University of Manitoba.
Falling victim to a phishing message could leave you vulnerable to identity theft and severe financial losses.
How to protect yourself against phishing attacks:
The best way to protect yourself is to learn how to recognize them. Most phishing messages usually share some common traits. Learn how to spot them:
- Phishing attempts tend to immediately try to bring out an emotional reaction from you like greed, curiosity and fear. Phishing attempts also often sound urgent.
- Odd tone, bad grammar and spelling or unfamiliar email signatures or sender addresses are clear signs of phishing.
- Beware of phishing email elements like attachments or links to unfamiliar login pages.
Don’t fall prey to fishing attacks. For the latest news in phishing attempts, check our security alerts page.
What is spam?
Spam is unsolicited junk email normally with sales or advertising content. Spam email messages use methods similar to phishing messages to draw you in.
Although spam is annoying, it can also be a security threat. For example, a spam email can disguise itself as an advertisement for a trusted company or organization when it is actually trying to trick you into entering your personal information or downloading a harmful program.
What is the university doing about phishing and spam?
The university employs an email security solution called Ironport. However, no spam or email filter is perfect, so we advise everyone to be aware of best practices and remain vigilant when opening email from unfamiliar sources and clicking suspicious links.
Spam quarantine notification email messages
The University of Manitoba uses Microsoft Defender for Office 365 as its email security solution. Below is information about what it is and how you can use it.
What is Microsoft Defender for Office 365?
Microsoft Defender for Office 365 is a security email service that protects UM accounts from malicious phishing campaigns, marketing spam, malware and more. Using Microsoft’s machine learning and artificial intelligence (AI), MS Defender will provide greater email security and protect you from the latest email threats.
How to get started with Microsoft Defender
MS Defender allows each user to directly modify and fine tune their own email experience.
Any email believed to be "malicious" - meaning email believed to be phishing or another threat - is placed in a security quarantine. You will be emailed a daily quarantine report notifying you of messages delivered to your quarantine. You should check these reports regularly to ensure that legitimate emails were not marked malicious. See the "How to Release Legitimate Email from Quarantine" section below for more details.
Spam emails - meaning unsolicited advertisements, newsletters, or other messages sent in bulk will be sent to your Junk folder within Office 365. If you receive spam email to your inbox, you can block these emails in the future by reporting it as Junk.
Graymail emails - meaning solicited bulk email messages that do not fit the definition of email spam (e.g. the recipient "opted into" receiving them) will be sent to your Junk folder within Office 365. If you opt-into any newsletters, advertisements, or any other email that fits the definition above, you will need to select “It’s not junk” on the message in your Junk Email folder.
If you have not received an expected email, check both your Junk Email folder and your Quarantine to see if the email was identified incorrectly.
IronPort email spam filter information
Check your Junk Email folder regularly
Messages identified by Defender as spam or greymail emails will go to your Junk Mail folder.
It is important to check your Junk Email folder regularly because Outlook will delete junk email 30 days after you receive it.
How to check your junk email
- Look for a folder called “Junk Email” in Outlook.
- Scan through the messages in your Junk Email folder and look for any that seem relevant or interesting to you.
- If you find a message that you want to keep, you can move it to your Inbox by selecting It’s not Junk at the top of the message.
Spam quarantine notification email messages
The university uses Microsoft Defender as its email security solution for spam email filtering. However, no spam or email filter is perfect. We advise everyone to be aware of best practices and remain vigilant when opening emails from unfamiliar sources and clicking suspect links.
All users will receive emails from Microsoft 365 Security (email@example.com) notifying you of incoming messages that have been marked as malicious. Check these messages regularly, as they may be blocking emails that you were expecting to receive. At any time, you may review any messages being held in quarantine by going to https://security.microsoft.com/quarantine.
How to release legitimate email from quarantine
To release falsely held emails from quarantine:
- Open a web browser and navigate to https://security.microsoft.com/quarantine or you can click the "Review" button in the quarantine report that you receive in your inbox.
- Once there, sign into MS Defender using your UM email address and password (Doing so will result in a prompt from Entra MFA).
- Once signed in, you can then select the messages that you wish to release and click the "Request Release" option.
What does “Request Release” mean?
Email classified as malicious with high confidence will require an administrative approval prior to releasing the email. You will need to click the “Request Release” button to notify our Security Operations Center to review your request and approve it if the detection is considered a false positive. If you have specific questions about your release request, please email firstname.lastname@example.org.
MS Defender keeping emails in quarantine
Defender keeps quarantined emails for 30 days from the received date, and then the message is deleted. Once emails have been deleted from quarantine, they cannot be retrieved.
MS Defender safelisting or blocklisting
Safelists ensure that email addresses added to this list do not have their messages filtered by anti-spam scanning. Blocklists ensure that messages from addresses added to this list are not sent to your inbox.
The Safe Senders and Domains list has a limit of 1024 total entries. The Blocked Senders and Domains list has a limit of 500 total entries. This limit cannot be increased.
Spammers will often change the email address they are using to send spam or spoof the email address they are using. As a result, adding an email address to your blocklist may not stop future spam.
Checking your spam quarantine and email quota in Outlook
Malware or spyware
What is malware or spyware?
Malware or spyware is an umbrella term for malicious software or programs that access your data discreetly by infecting your technology. They almost always do harm.
In email, malware or spyware can be obtained through clicking suspicious links within the body of the email or opening and downloading harmful program attachments (especially .exe files).