Phishing mitigation: Microsoft Exchange change coming to better identify external emails

Due to an increased number of phishing attempts at Michigan Medicine and health systems across the nation, Microsoft Exchange will be configured to better identify emails that originate outside of U-M when they include an attachment or web link.

This will help to better identify valid internal emails vs. fraudulent emails that appear to be sent from an internal source.

Beginning Sept. 20, recipients will begin seeing a banner message that warns them to be cautious if they are not familiar with the sender. Emails will only be marked when:

• They are NOT sent from an @umich.edu or @med.umich.edu email address
• AND they contain a link or attachment

“Phishing emails often appear to be sent from an internal and trusted source, and typically ask recipients to open attachments or click on links,” said Jack Kufahl, chief information security officer for Michigan Medicine. “This warning message is a simple nudge to encourage recipients to be a little more cautious than they might otherwise be when opening attachments or clicking on links.”

Because legitimate emails sent outside of the U-M email domain will include the banner message, Michigan Medicine employees should follow these guidelines when trying to spot a phishing scam:

• Review the email header information: Do you recognize the sender and their email domain?

• Consider the email content: Is this message typical for this sender?

• Hover over links to review the address before clicking: Is the email trying to panic you into clicking a link?

• Review the signature: Do you recognize the sender’s name or department?

More information about phishing is available on the U-M Safe Computing website.