With the proliferation of phishing campaigns, it is more important than ever to make sure people know how to recognize e-mail phishing and sender impersonation. Many organizations now add a generic banner at the top of the e-mail, or an additional tag in the subject, stating that the e-mail was received from an external sender. This doesn’t seem to be very effective: when people see this message repeatedly for valid senders, they are “trained to ignore” it. This is where the “First Contact Safety Tip” comes in: it gives the user more direct feedback about what’s going on, so they can take a well-informed action based on the safety tip and on any additional training provided on how to recognize phishing.
What does it look like?
The First Contact Safety Tip is added above the e-mail message, and is shown to recipients in the following scenarios:
- The first time they get a message from a sender
- They don’t often get messages from the sender
Enabling the First Contact Safety Tip
There are currently two ways to enable the First Contact Safety Tip: by using a mail flow rule to add the X-MS-Exchange-EnableFirstContactSafetyTip header with the value Enabled, or by enabling the setting in the anti-phishing policies associated with your tenant.
Enabling via Anti Phishing Policies
- Open a web browser and navigate to https://security.microsoft.com
- On the left side menu, under Email & collaboration select Policies & rules
- Under Threat policies, select Anti-phishing. From there, select the anti-phishing policy you’d like to edit, for example Office365 AntiPhish Default.
- Edit the actions, and make sure to enable the Show first contact safety tip option. While you’re here, I would recommend also looking at the other safety tips!
Enabling via a mail flow rule
- Open a web browser and navigate to https://admin.exchange.microsoft.com
- On the left side menu, under Mail flow select Rules
- Add a new rule, give it a name, and make sure to select More options at the bottom
- Set the rule to apply to all messages
- Under Do the following select Modify the message properties followed by set a message header
- Add the X-MS-Exchange-EnableFirstContactSafetyTip header and set the value to Enabled
- Modify any of the other rule settings as needed but make sure the rule is turned on!
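Both procedures above can also be checked from Exchange Online PowerShell. The script below is an added example, not part of the original post: it reports the first contact setting for every anti-phishing policy, previews enabling it where it is off, and lists any mail flow rules that set the header. It assumes the ExchangeOnlineManagement module is installed and that the signed-in account is allowed to read and edit these policies.

```powershell
# Added example: audit the First Contact Safety Tip across the tenant.
# Assumption: ExchangeOnlineManagement is installed and the account has
# permission to view and change anti-phishing policies and mail flow rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Header name exactly as given in this post.
$headerName = 'X-MS-Exchange-EnableFirstContactSafetyTip'

# 1. Current state of the setting in every anti-phishing policy.
$policies = Get-AntiPhishPolicy
$policies |
    Select-Object Name, EnableFirstContactSafetyTips |
    Format-Table -AutoSize

# 2. Enable the tip in each policy where it is still off.
#    -WhatIf only previews the change; remove it to apply.
$policies |
    Where-Object { -not $_.EnableFirstContactSafetyTips } |
    ForEach-Object {
        Set-AntiPhishPolicy -Identity $_.Identity `
            -EnableFirstContactSafetyTips $true -WhatIf
    }

# 3. Mail flow rules that set the header, with their state and the value
#    they stamp, so a disabled or test-mode rule stands out.
Get-TransportRule |
    Where-Object { $_.SetHeaderName -eq $headerName } |
    Select-Object Name, State, Mode, SetHeaderName, SetHeaderValue |
    Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

If step 3 returns a rule whose State is Disabled, the header is not being added, which is the same failure the last step of the mail flow procedure warns about.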