Find source of potential security concern detected by Microsoft Office

George Sinkinson 0 Reputation points
2024-01-04T22:40:21.75+00:00

With Windows 10 Home 22H2 and Outlook 2019

I would like to find the source of emails showing in Outlook that display a notice that
Microsoft Office has identified a potential security concern.

While the content is always the same, varying Subject and Sender are used.
In most cases it appears that this involves a malformed URL.

The location indicated in the Security Notices begins with ttp://***/
it seems to be missing the h in http

What is truly odd is that this only occurs in Outlook, while when viewed in a browser,
it displays valid content.

I have deleted cache everywhere, repaired Outlook, used scanpst, and reinstalled Office 2019.

I tend to think it has something to do with the Office security mechanism, but I have no idea where to start looking.

An example Notice:
OutlookSecurity1

The email in a browser:

User's image

The constant email content:
User's image

Outlook | Windows | Classic Outlook for Windows | For business
Microsoft 365 and Office | Install, redeem, activate | For business | Windows
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Keale 95 Reputation points
    2024-01-16T00:07:10.32+00:00

    If there is only one email with this prompt, I suggest you ignore it. Due to several reasons, this URL appears suspicious: it has a long and random looking string that can be used to mask malicious destinations. It uses the. xyz domain, which is usually associated with spam or phishing websites It does not match the sender's domain or the context of the email. Therefore, I suggest that you do not click on this link or provide any personal information on the webpage. Clicking on such a link may cause the installation of malicious software on your computer or damage to your data.

    1 person found this answer helpful.

  2. SokiGuo-MSFT 31,536 Reputation points Microsoft External Staff
    2024-01-05T06:43:58.02+00:00

    Hi @George Sinkinson

    Based on the image you sent, it seems that you are receiving security notices from Microsoft Office about potential unsafe links in your emails. The notice that Microsoft Office has identified a potential security concern is a security feature that warns you about potential risks from opening or running files or links that may contain malicious code or viruses. It is not necessarily an indication of malicious software, but it is a precautionary measure to protect your system and data.

    To investigate further, it may be necessary to look at the email headers and source code to identify any hidden or embedded elements that may be causing this issue. In addition, check the security settings and filters in Outlook.

    You can do this by clicking on File > Options > Trust Center > Trust Center Settings. For more detailed instructions, please refer to: https://thegeekpage.com/microsoft-office-has-identified-a-potential-security-concern/. (Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)

    User's image


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


    0 comments No comments

  3. George Sinkinson 0 Reputation points
    2024-01-05T20:26:26.9133333+00:00

    Thank you for your response - I learned a lot of new things.

    I applied the fixes indicated in the link
    https://thegeekpage.com/microsoft-office-has-identified-a-potential-security-concern/

    It didn't make any difference, even after restarting Office.

    My guess is that the security notice is being triggered by the malformed url - missing the 'h' in 'http'.
    Opening in a browser yields:

    BrowserView

    Where does the https reference come from? Is it coming from Office Security or the Sender?
    It seems to be the same weird reference with all the different email senders.

    Is there some way I can set up a mechanism that discards emails with security concerns?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.