Office 365 offers Bowdoin two sets of tools that work in conjunction to protect your mailbox and the entire Bowdoin community from the constantly evolving phishing attacks and malware targeting campus.
Exchange Online Protection
Exchange Online Protection (EOP) is the primary line of defense to address malware, spam, phishing and bulk email. All non-Bowdoin emails are filtered and scanned by the Exchange Online Protection filters before the emails enter our local Exchange system.
- If a message is determined to be “Bulk” email, the message is delivered to the Junk-email folder in your mailbox.
- If the email contains a known malicious URL in the body of the message or if the message is determined to be spam or phishing, the message is sent to junk.
- If known malware is found in an attachment, the message is either removed or the attachment is removed and the email is delivered. (See: What will I notice when a malicious attachment is removed from an email?)
- If a message contains a URL that is not on a URL block list or if the email contains a suspicious attachment that is unknown to EOP, the message is sent to Office 365’s Advanced Threat Protection.
Messages identified as Spam or Bulk are delivered to your ‘Junk Email’ or ‘Junk’ folder. For more information see:
Spam and PhishingAdvanced Threat Protection
Advanced Threat Protection (ATP) is a second level of protection designed to catch and block the newest and most sophisticated malware and phishing campaigns. It complements Exchange Online Protection to protect against unsafe attachments and malicious links.
- Safe Links – Exchange Online Protection provides protection by blocking malicious links. Safe Links expands this protection by rewriting the URL and scanning every link in real time as the user clicks on them. (See: What will I notice when ‘Safe Links’ scans an email?)
- Safe Attachments – If Exchange Online Protection identifies a suspicious attachment that does not contain known malware, the email sent to a safe “sandboxed” location where the attachment is analyzed. If the attachment is safe the message is delivered, otherwise the unsafe message is destroyed.
What do I need to do?
With Office 365 Advanced Threat Protection and Advanced Threat Protection protecting Bowdoin, you do not need to do anything different.
What will I notice when ‘Safe Links’ scans an email?
‘Safe Links’ analyzes the URLs in emails for reputation and malicious behavior. If you hover over a URL in an email from a non-Bowdoin email address, you will notice that URL has been rewritten and starts with https://na01.safelinks.protection.office.com. This address shows that the URL was scanned. You can still see the original URL embedded in the Safe Links URL. The rewritten URL will take you to the intended website, so there is no need to need to do anything else.
In Outlook:
In Office.com:
When you click on a Safe Links URL, the majority of the time, it will take you to the intended webpage. Occasionally, the URL is still being scanned and you will see the yellow message below. Once the scan finishes, clicking on the URL will take you to the intended webpage. If the Safe Link scan determines the URL is malicious, you will see the red message below.
What will I notice when a malicious attachment is removed from an email?
If Exchange Online Protections discovers a malicious email attachment, the attachment is removed from the email and is replaced with an attachment named “Malware Alert Text.txt”. The body of the email message is not touched. “Malware Alert Text.txt” is safe to open and contains details about the malware contained in the attachment. It is not necessary to report if you receive an email with a “Malware Alert Text.txt” attachment as the email is safe and the malicious attachment was logged and destroyed.
Example of an email with a replaced attachment and the contents of “Malware Alert Text.txt”:
Please contact the IT Service Desk at 207-725-3030 or Information Security if you have any questions or concerns about Office 365 Advanced Threat Protection, phishing, malware or if you feel a legitimate URL or attachment was blocked.