Microsoft Office 365: Impersonation Protection

Email impersonation attacks, also known as business email compromise attacks, are a common security concern. They start with an attacker creating an email address much like an employee’s address, generally that of an executive, board member, or other person who would be considered important. The attacker then uses this address to begin a conversation with an employee, leading to leaked information, a request to purchase gift cards, or some other type of scam.

Microsoft Office 365 includes a feature designed to notify the recipient of an email if the sender's address resembles a known campus address. For example, suppose you receive an email from dean.smith.uwrf@gmail.com. Dean Smith is also a UWRF employee with the address dean.smith@uwrf.edu. Because the addresses are similar, the feature will flag the email with a notice informing you of the similarity. We have configured this service to notify people if it appears someone may be impersonating key campus leaders, including the cabinet, deans, and key shared accounts.

However, this service can create false positives, as names are not unique and people often use their names as part of their personal email address. The warning is simply there to help you decide whether to trust the sender or not.
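The kind of comparison described above, and the false positive it produces, shown as an added example. This is not Microsoft's algorithm or code from this page; the second protected address, the threshold, and the function names are assumptions made for illustration.

```python
import difflib
import re

# Constructed sample data. Only dean.smith@uwrf.edu appears on the page;
# the second address, the threshold and all function names are assumptions.
CAMPUS_DOMAIN = "uwrf.edu"
PROTECTED = ["dean.smith@uwrf.edu", "pat.jones@uwrf.edu"]
THRESHOLD = 0.8  # assumed cut-off for "similar enough to warn"


def name_key(address):
    """Reduce an address to its sorted name tokens, e.g. 'dean smith'."""
    local = address.lower().split("@")[0]
    campus_tag = CAMPUS_DOMAIN.split(".")[0]  # 'uwrf', as in the page's example
    tokens = [t for t in re.split(r"[^a-z]+", local) if t and t != campus_tag]
    return " ".join(sorted(tokens))


def check_sender(sender):
    """Return (protected_address, score) when an external sender resembles
    a protected campus address, otherwise None."""
    sender = sender.strip().lower()
    local, _, domain = sender.rpartition("@")
    if not local or domain == CAMPUS_DOMAIN:
        return None  # malformed, or a campus-domain sender (assumed authenticated)
    best = max(
        ((p, difflib.SequenceMatcher(None, name_key(sender), name_key(p)).ratio())
         for p in PROTECTED),
        key=lambda pair: pair[1],
    )
    return best if best[1] >= THRESHOLD else None


if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "dean.smith.uwrf@gmail.com",   # the page's example: flagged
        "dean.smlth@example.com",      # one-letter lookalike: flagged
        "dean.smith@example.net",      # a different Dean Smith: false positive
        "registrar@example.org",       # unrelated name: not flagged
        "dean.smith@uwrf.edu",         # real campus address: not flagged
    ]
    for s in samples:
        print(f"{s:30} -> {check_sender(s)}")
```

The third sample is flagged even though it could belong to an unrelated person with the same name, which is why the warning is advisory rather than a block.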

Two examples of how the warning may appear at the top of an email:

  • Text-based email (how it would appear in your Junk Folder):

FNAME.LNAME@GMAIL.COM appears similar to someone who previously sent you email, but may not be that person. Learn why this could be a risk <http://aka.ms/LearnAboutSenderIdentification> Feedback <http://aka.ms/SafetyTipsFeedback>

  • HTML-based email (how it would look in your inbox):