Gwinnett Tech IT Support - https://gwinnetttech.edu/

Is this a phishing message? Ask Copilot

Microsoft Copilot is an AI-powered digital assistant integrated across Microsoft's ecosystem.

Because Gwinnett Tech uses Outlook for student email, Copilot is built in.

Students can use Microsoft Copilot to analyze suspicious messages and check whether they are legitimate.

The student help desk is always here to help, but Copilot is another tool students can use to get assistance.

The instructions below come from Copilot, with some additional information added.

As always, if you have questions please contact the Student Help Desk.

stuhelpdesk@gwinnetttech.edu | 678-226-6407


How to Use Copilot in Outlook to Check for Phishing

  1. Open the suspicious email in Outlook.
    Look for the Copilot icon in the message toolbar.

  2. Click the Copilot button to open the Copilot panel.
  3. Type a prompt such as:
    “Is this email safe?” or “Is this a phishing message?”
    or
    “Does this message look like a phishing attempt?”
  4. Copilot will review the email and flag signs of phishing, including:
    • Suspicious links
    • Unusual sender information
    • Urgent or threatening language
    • Requests for login credentials
    • Fake login pages or spoofing attempts

Can I use Copilot on my phone?

Yes, you can also use Copilot in the Outlook app on your mobile device.

Look for the Copilot button.


What will Copilot tell you?

Here is an example of the kinds of things Copilot might say.

This message was an actual phishing attempt recently sent to a Gwinnett Tech student. We used Copilot to analyze the message.

Check if the email is a phishing attempt

⚠️ Verdict: Highly Likely PHISHING

Several red flags strongly suggest this is not a legitimate university IT message.

🚩 Major Phishing Red Flags Found

1. Suspicious Sender Address

The email was sent by "Scammer Name" .

  • A legitimate university IT Security Office message would come from an official university domain (@gwinnetttech.edu), not liceoulivi.it, which appears unrelated.

2. Unprofessional, Odd Wording in the Attachment

The attached document Steieie.docx includes unusual phrasing, especially this line:

“NOTE: PREVENT MEANS YOUR SCHOOL EMAIL PASSWORD”

This is a major red flag because:

  • No legitimate IT department will ever ask you to enter or “confirm” your password.
  • The wording is strange, unclear, and not typical of professional IT communication.

3. Instructions to Copy/Paste a Link

The attachment instructs you to:

“copy and paste the URL directly into your browser”

Phishing attempts often do this to avoid email security scanners detecting malicious links.

4. Threat of Deactivation to Induce Panic

Phishing emails commonly use urgency like:

“Accounts that remain unverified may be scheduled for deactivation…”

Legitimate IT teams typically:

  • Give advance notice through multiple verified channels.
  • Do not use external senders, strange wording, or attachments to verify account status.

🛑 What You Should Do Immediately

  • Do NOT click the link or download/open the file (if you haven’t already).
  • Do NOT enter your password anywhere.
  • Delete the email.
  • Consider forwarding it to your institution’s official IT security or abuse address: spammail@gwinnetttech.edu
  • If you clicked or entered anything, immediately reset your password and contact IT.

If you'd like, I can also:

✔ Draft a report to send to your IT department
✔ Show you how to verify official IT messages
✔ Help check any other suspicious emails


Report suspicious messages

To report suspicious messages, forward them to spammail@gwinnetttech.edu.

Do not open any attachments or click on any links in the suspicious message.



🎣 Common Phishing Tactics

1. Spoofed Email Addresses & Sender Names

Attackers impersonate:

  • IT departments
  • Banks
  • Delivery services
  • Managers or executives

They may use:

  • Slightly altered domains (ex: @micros0ft.com)
  • Display names that look legitimate

Goal: Make you trust the message at first glance.

2. Urgency & Fear Tactics

Phishers try to make you act before thinking, using pressure like:

  • “Your account will be deleted today!”
  • “Unexpected charge — verify now!”
  • “We detected unusual activity — log in immediately.”

Urgency is one of the biggest giveaways.

3. Malicious Links Disguised as Legitimate

Links may:

  • Look similar to real sites
  • Be shortened (bit.ly, tinyurl)
  • Be embedded in buttons or images

Hovering often reveals a suspicious, unfamiliar URL.

4. Fake Login Pages

You’re directed to a page that:

  • Looks identical to a real login portal
  • Asks for your username & password
  • Captures your credentials instantly

Often used for Microsoft 365, Google, bank, or school portals.

5. Attachments Containing Malware

Common attachment types used:

  • .docx (with malicious macros)
  • .pdf
  • .zip files
  • .html forms

When opened, they can:

  • Install spyware
  • Steal stored passwords
  • Encrypt files (ransomware)

6. Requests for Personal or Login Information

No legitimate organization will ask for:

  • Your password
  • MFA codes
  • Social Security Number (unless in a secure, expected context)
  • Financial account numbers

If an email asks for secrets, it’s phishing.

7. “Copy and Paste” Link Instructions

Phishers sometimes say:

  • “Copy and paste this link into your browser.”

This avoids security scanners that block dangerous links.

8. Unexpected Account Status Messages

Examples:

  • “You’re being deactivated.”
  • “Your mailbox is full.”
  • “Your payment failed.”

These typically direct you to a fake verification portal.

9. Impersonation of Coworkers or Authority Figures

This is known as Business Email Compromise (BEC).
Common examples:

  • A “manager” asks you to buy gift cards
  • A “coworker” requests a file transfer
  • The “CEO” sends an urgent task

The emails often look casual but urgent.

10. Too‑Good‑To‑Be‑True Offers

Examples:

  • Free money
  • Prize winnings
  • Job offers with very high pay for little effort
  • Crypto investment schemes

These bait you into clicking or sharing info.

🛡️ How to Protect Yourself

  • Verify the sender’s domain
  • Hover before clicking links
  • Never enter your password from an email
  • Contact IT directly if anything seems off
  • When unsure, ask me to review the email
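
Several of the red flags above can be checked mechanically. The Python sketch below is an added example, not code from Gwinnett Tech or Microsoft and not how Copilot works; it scores a message against the sender-domain, attachment, wording and link checks from this page. The guarded-brand set, the phrase patterns and the sample message are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "gwinnetttech.edu"                   # official domain named on this page
BRANDS = {OFFICIAL, "microsoft.com"}            # assumption: domains worth guarding
SHORTENERS = {"bit.ly", "tinyurl.com"}
RISKY_EXT = (".docx", ".pdf", ".zip", ".html")  # attachment types listed above
DIGIT_SWAPS = str.maketrans("0135", "oles")     # micros0ft.com -> microsoft.com
PHRASES = {                                     # assumption: illustrative patterns
    "urgency": re.compile(r"deactivat|deleted today|verify now|log in immediately", re.I),
    "asks-for-secret": re.compile(r"password|mfa code|social security", re.I),
    "copy-paste-link": re.compile(r"copy and paste", re.I),
}

def lookalike(domain):
    """True when a domain matches a guarded brand only after undoing digit swaps."""
    return domain not in BRANDS and domain.translate(DIGIT_SWAPS) in BRANDS

def phishing_flags(msg):
    """Return the red flags from this page that a message trips (heuristics only)."""
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != OFFICIAL:
        flags.append("lookalike-sender" if lookalike(domain) else "external-sender")
    text = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append("risky-attachment")
        elif part.get_content_type() == "text/plain":
            text += part.get_content()
    flags += [label for label, rx in PHRASES.items() if rx.search(text)]
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").removeprefix("www.")
        if host in SHORTENERS:
            flags.append("shortened-link")
        elif lookalike(host):
            flags.append("lookalike-link")
    return flags

# Constructed sample modelled on the message analysed above (not the real email).
sample = EmailMessage()
sample["From"] = '"IT Security Office" <notice@micros0ft.com>'
sample.set_content("Accounts that remain unverified may be scheduled for deactivation.\n"
                   "Copy and paste http://bit.ly/example into your browser and confirm your password.")
sample.add_attachment(b"x", maintype="application", subtype="msword", filename="notice.docx")
print(phishing_flags(sample))
```

An empty list only means none of these simple checks fired, so a message that still seems off should be reported as usual.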

If you have questions please contact the Student Help Desk.

stuhelpdesk@gwinnetttech.edu | 678-226-6407 | Tech Support desk on campus, hours and location