A client received what appeared to be a legitimate outreach email from a well-known financial services company asking about LP investment opportunities. The email didn't contain any obvious red flags at first glance — no typos, no urgent threats, no suspicious links, and the client is fundraising. A response was sent, and a follow-up email arrived shortly after. Both were flagged by Microsoft 365 and moved to the Junk folder, where the user found them.
When we investigated the sender's domain, we found it was a lookalike domain — a near-identical copy of a real company's website address, with just a letter or two changed. It had been registered the day before the email was sent.
How We Knew It Was Fake
RED FLAGS WE IDENTIFIED
- ✕ The domain was registered less than 24 hours before the email was sent
- ✕ No DMARC record (a basic email authentication standard that legitimate businesses set up)
- ✕ The domain used bulk email sending tools, not a standard business email provider
- ✕ Zero web presence — no website, no search results, nothing
- ✕ The real company operates under a slightly different domain name
Why Junk Folders Exist
Your email spam filter is not a bug — it's doing exactly what it's designed to do. Microsoft 365 flagged these emails before they ever reached an inbox. The system picked up on signals that a human eye might miss, especially when the sender has put effort into looking legitimate and personally targeting a given user.
We know it can be frustrating when emails get flagged, especially if they look normal. But if something is sitting in your Junk folder there is always a good reason for it.
What You Should Do
BEST PRACTICES
- ✓ If a Junk email looks legitimate, contact Hybridge before moving it
- ✓ Never reply to a Junk message without having it reviewed first
- ✓ Be cautious of outreach from companies you haven't contacted before
- ✓ Check the sender's domain carefully — one extra letter can be the difference between real and fake
- ✓ When in doubt, reach out to us. That's what we're here for.
Not sure about an email? Forward it to Hybridge IT at support at hybridge.com. We'd rather check 100 legitimate emails than miss one phishing attempt.
Share this blog:
