Microsoft recently developed a feature for Office 365 that will tag emails coming from external / non-company senders with the word “External” in some applications.  So, any message that doesn’t come from an actual company email address will be tagged to better help the staff determine when something may be a fraudulent message trying to pretend to be someone else in the business or phishing attempts to steal passwords.  This feature is being added to assist you when viewing messages on your mobile device as those devices don’t always show the actual email address that the message was sent from and instead show just the first and last name of the sender (which can be faked).  These types of scams are really common as scammers try to trick staff into transferring funds or purchasing gift cards “for clients”.

For instance – If you get an odd email from a colleague or supervisor asking “are you busy” or “can you do something for me” and are using Microsoft Outlook on your computer, you can currently glance up next to the sender’s name and immediately see that it isn’t their usual email address and delete the message or call that person to validate if it is them or not.    You can see in this fictional example image below that a message was sent from a made-up email address called andrewserene@gmail.com that isn’t actually me.  In this example, a scammer has created a free Gmail address to pretend to be me, but the recipient can easily see it isn’t my real email address.

Unfortunately, your cell phone probably doesn’t show the email address, so you have no way of knowing that the message came from a fake/external email address and may be inclined to reply.

But that will change now with the “External” sender tags in webmail and Outlook on your mobile device as the message will clearly be labelled.

Here’s what the new tags will look like:

These new “external” indicators should be obvious when using webmail or Microsoft Outlook on your mobile device, but they may not show up if you are simply using Apple’s built-in email program or another third-party mail client.  They also may not appear in most versions of Microsoft Outlook on the desktop since you can see the actual email address in Outlook already.  But, if you are using a different email client than Microsoft Outlook on your cell phone or tablet, you may want to consider using the Microsoft Outlook app instead for additional security functionality.  Outlook is easy to download from the app store and even easier to set up.  Go to https://www.microsoft.com/en-us/microsoft-365/outlook-mobile-for-android-and-ios and click the “Download Now” button to get started with it.

While this feature is being rolled out to help you recognize potentially fraudulent messages, it is important to understand that customers, vendors, and other valid email messages will also be tagged with this “External” tag as well.  While this feature isn’t enabled by default for existing Office 365 tenants, it can easily be enabled using Set-ExternalInOutlook -Enabled $True powershell command.