Threatening Emails

Hello,

Are these emails found in your spam/junk folder?

Email spoofing happens when someone uses an outside mail server to send messages that pretend to come from your email address by forging the "From" field. They do not have access to your actual email account. To prevent and detect this, email providers like Microsoft use protections like SPF (to define which servers are allowed to send on your behalf), DKIM (to attach a digital signature to prove the email is real), and DMARC (to tell other servers what to do if a message fails these checks). If a spoofed email fails these checks, it will usually be flagged as spam or rejected.

So, if the email is already in spam/junk folder, you have nothing to worry about.

If it’s not in spam folder let me know. We can review further to make sure your account is not compromised.

In Outlook, a threatening email that appears to come from the same address as the recipient can still be reported and handled as phishing or junk, even if it cannot be “blocked” in the traditional sense.

Use these steps and options:

1. Report the message from Outlook
   • In Outlook (including Outlook.com and Microsoft 365 Outlook), select the threatening message.
   • Use the built-in reporting feature:
     • In Outlook.com: select the message, then choose Report > Report phishing above the reading pane.
     • In Outlook desktop with the Report add-in: select Report message on the ribbon, then choose Phishing or Junk.
   • This removes it from the Inbox and sends a copy to Microsoft to improve filters and protect against similar messages in the future.
2. Treat it as a phishing/compromise attempt
   • Do not click any links or open attachments in the message.
   • If the message suggests the account is compromised (for example, it contains blackmail or threats), immediately change the account password and review security settings.
3. If using Microsoft 365 / Defender for Office 365
   • End users should report the email as Phishing or Junk using the built-in Report button.
   • Admins can then review these user-reported messages on the User reported tab in the Microsoft Defender portal and, if needed, submit them to Microsoft for deeper analysis and create block entries for the sending infrastructure (domains/addresses) rather than the user’s own address.
4. If the email truly appears to be from the same mailbox
   • Even if the visible From address matches the mailbox, the message can still be:
     • Reported via Report > Report phishing (Outlook.com / Outlook) so Microsoft can analyze the headers and underlying sending source.
     • Submitted by an admin from quarantine or the Submissions page in Microsoft 365 Defender, if applicable.
   • Blocking the exact From address is not effective when the attacker is spoofing the address, so reporting and security review are the primary actions.
5. If the email includes threats or blackmail
   • Follow the guidance for phishing victims:
     • Change passwords for affected accounts.
     • If financial data is involved, notify the bank or card issuer.
   • Consider reporting the incident to local authorities if the threats are serious.

References:

• Protect yourself from phishing
• How do I report a suspicious email or file to Microsoft?
• Phishing and suspicious behavior in Outlook
• How to handle malicious emails that are delivered to recipients (false negatives) using Microsoft Defender for Office 365
• Report phishing and suspicious emails in Outlook for admins
• How to protect against phishing attacks