Spam, Phishing and Quarantine Messages

Key facts:

Spam: (noun) "Irrelevant or unsolicited messages sent over the Internet, typically to large numbers of users, for the purposes of advertising, phishing, spreading malware, etc"

Over 80% of ALL email traffic on the Internet is considered spam.

SafeAttachments and SafeLinks
Exchange Online mailboxes are protected against malicious emails by Defender for Office365, which includes the SafeAttachments and SafeLinks services.

SafeAttachments scans attachments for malware before a message is delivered to a mailbox. If malware is detected, you will be notified that attachments have been removed.

SafeLinks scans links within messages at the time a message is received and when a link in an email is clicked, and will dynamically block any link identified as malicious.

Quarantined messages

Exchange Online has a quarantine function that will prevent messages being delivered to your mailbox based on a spam score assigned by Exchange Online Protection and SpamAssassin. If messages sent to your personal mailbox have been identified as spam you will be notified by email and can choose to release messages from quarantine that you know to be genuine. If you report the message as a false positive when it is released back to your mailbox it will help to train Microsoft's spam rules.

If messages are deemed to be high confidence phishing or contain malware, you will need to request review before they can be released.

If messages are delivered but go to to your junk mail folder, this can be a result of local settings on your mailbox or rules in your desktop mail client. You can amend the list of Allowed and Blocked Senders via webmail settings.

If you receive a quarantine message but aren't sure if it is genuine, hover your mouse over the Review Message button. The address displayed should start with https://security.microsoft.com/quarantine. You should be able to tell from the details whether it was a legitimate message or not. If it doesn't sound like a message that you were waiting for you can simply delete the quarantine message and eventually the spam message will be removed from the system.  If it is legitimate and you wish to release it, click the Release button and it will be released into your mailbox

Open

Your role in preventing spam:

Be suspicious - more fraudulent email are sent out than than legitimate ones!  This means that you need to treat every message with caution.

It might be spam if some or all of the following apply:

1. If you are not expecting the email, and don't know or recognise the sender, it may be spam BUT....

2. It might also appear to have been sent from a colleague's account.  It is easy to spoof someone's email address.  If the message ticks several of the boxes in this list - it is probably spam.

3. If the email is badly formatted or contains odd grammatical structures, it may be spam

4. If the email may use unfamiliar terms - e.g. ICT helpdesk instead of CSCS Service Desk

5. If it asks you for any personal information whatsoever, it may be spam

6. If it contains links to websites that ask you to fill in any details, it may be spam

   1. hover your mouse pointer over the link (but don't click) to see what comes up - what might appear to be a web page to a University page might in fact say 'apply here' or refer to a non cam.ac.uk website

7. If it has an attachment that you were not specifically expecting, do not open it. 

If you are not sure ask us, there is no shame in it and we'll be glad you did.  

If you see a piece of spam that seems to be targeted at the University and may have been widespread, forward a copy to spam@uis.cam.ac.uk for investigation and blocking for the entire University.

More information regarding Security and policies can be found at UIS Security and policies.