Understanding the First Contact Safety Tip


Introduction

The First Contact Safety Tip is a feature within Exchange Online designed to help detect phishing. It adds extra protection against phishing and impersonation attacks. It is a tenant-wide setting: it cannot be configured for individual accounts, nor can accounts be whitelisted. The tip will appear less often for a specific sender as Exchange Online begins to recognize that sender for your account.

Explanation

When does it appear?

This feature displays a safety tip beneath the ‘To:’ field in Outlook (desktop, web app, or mobile) under certain conditions, including:

  • The first time you get a message from a sender
  • When a message is from a sender you rarely get messages from

This safety tip persists in message replies but can be deleted from them.

What does it look like?

Depending on the number of recipients in the message, the First Contact banner will be one of the following:

“You don't often get email from <email address>”

“Some people who received this message don't often get email from <email address>”

What should I do? 

There is nothing that you need to do to prepare for this feature. When you see the First Contact banner, you can click on the sender’s name in the message and review their details to confirm legitimacy before responding. Look for the following items (more information can be found in the links provided at the end of this message).

  • Check the email address: Look closely at the sender's email address. Often, phishing emails will use addresses that look like legitimate ones but have slight differences, like extra characters or misspellings.
  • Verify the domain: Check the domain part of the email address (the part after the @ symbol). Make sure it matches the official domain of the organization the sender claims to be from. For example, an email from someone at Virginia Tech should come from @vt.edu, not @vt-support.edu.
  • Look for personalization: Legitimate emails from companies you have accounts with will often include your name or other personal information. Generic greetings like "Dear Customer" can be a red flag.
  • Check spelling and grammar: Many phishing emails contain spelling and grammatical errors. Legitimate companies usually have professional communication standards.
  • Examine the email content: Be wary of emails that create a sense of urgency or ask for personal information. Legitimate companies will not ask for sensitive information via email.
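The "Check the email address" and "Verify the domain" items above can also be checked automatically. The following is an added example, not part of the original article or of any Microsoft tooling; the `TRUSTED_DOMAINS` set, the function names and the sample headers are assumptions made for illustration. It generalizes the @vt.edu versus @vt-support.edu case to subdomains and one-character misspellings.

```python
import re
from email.utils import parseaddr

# Assumption: the organization's official domain(s); vt.edu is the article's example.
TRUSTED_DOMAINS = {"vt.edu"}

def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return None
    return addr.split("@")[1].rstrip(".").lower() or None

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a From: header."""
    domain = sender_domain(from_header)
    if domain is None:
        return "invalid"
    for good in trusted:
        # Exact match, or a real subdomain: the suffix must begin at a label boundary.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    tokens = set(re.split(r"[.\-]", domain))
    for good in trusted:
        brand = good.split(".")[0]
        # Heuristic: the brand label reused inside another domain, or a near-miss spelling.
        if brand in tokens or edit_distance(domain, good) <= 1:
            return "lookalike"
    return "unrelated"

# Constructed sample headers (not taken from real mail).
SAMPLES = ['Registrar <registrar@vt.edu>', 'alice@cs.vt.edu',
           '"VT Help Desk" <helpdesk@vt-support.edu>', 'it@vtt.edu',
           '"support@vt.edu" <x@mail.example>']

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A "lookalike" result is a prompt for closer review, not proof of fraud; the heuristics are deliberately simple and will flag some legitimate domains.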

 

If you determine an email is fraudulent, do not respond or click on any links. Simply report it to Microsoft.

Where can I find more information?