Email Impersonation Scams: What You or Your IT Staff Can Do to Protect Your Business

Reference:
https://blog.ironbastion.com.au/email-impersonation-scams-phishing-what-your-staff-can-do/

Steps:

  1. Exchange Admin Center > Mail Flow > Rules > Create new rule
  2. In the popup window, choose 
    1. ‘The sender is located’: ‘Outside the organization’, and 
    2. ‘The recipient is located’: ‘Inside the organization’, and 
    3. ‘The sender address includes’: <<company domain>>. 
  3. Under ‘Do the following’, choose ‘Apply a disclaimer to the message’ -> ‘prepend a disclaimer’ and insert the following HTML:

    <div style="background-color:pink; border:0px dotted #003333; padding:.2em; "><span style="font-size:12pt; font-family: sans-serif; color:black; font-weight:bold; padding:.2em">Please be cautious</span><div style="font-size:10pt; font-family: sans-serif; color:black; font-weight:normal; padding:.2em">This email was sent outside of your organization</div> </div><hr>
  4. The fallback action should be ‘Wrap’. 
  5. Click on ‘Save’ and wait for a few minutes for the rule to activate.
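
The same rule can be created from Exchange Online PowerShell, which keeps it scriptable and reviewable. This is an added example, not taken from the referenced article; it assumes the ExchangeOnlineManagement module is installed, uses `example.com` as a placeholder for <<company domain>>, and the rule name is hypothetical.

```powershell
# Added example: PowerShell equivalent of steps 1-5 above.
# Assumptions: example.com is a placeholder for <<company domain>>;
# the rule name below is hypothetical.
$RuleName      = 'External sender using company domain - warning banner'
$CompanyDomain = 'example.com'

# Banner HTML from step 3, unchanged.
$BannerHtml = @'
<div style="background-color:pink; border:0px dotted #003333; padding:.2em; "><span style="font-size:12pt; font-family: sans-serif; color:black; font-weight:bold; padding:.2em">Please be cautious</span><div style="font-size:10pt; font-family: sans-serif; color:black; font-weight:normal; padding:.2em">This email was sent outside of your organization</div> </div><hr>
'@

Connect-ExchangeOnline

# Conditions and actions, mapped one-to-one to the GUI choices.
$RuleSettings = @{
    FromScope                         = 'NotInOrganization'  # sender is outside the organization
    SentToScope                       = 'InOrganization'     # recipient is inside the organization
    FromAddressContainsWords          = $CompanyDomain       # sender address includes the company domain
    ApplyHtmlDisclaimerLocation       = 'Prepend'            # prepend a disclaimer
    ApplyHtmlDisclaimerText           = $BannerHtml
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # fallback action from step 4
}

# Update the rule if it already exists so re-running does not create duplicates.
if (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $RuleName @RuleSettings
} else {
    New-TransportRule -Name $RuleName @RuleSettings
}

# Read the rule back to confirm the stored conditions and actions.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, FromScope, SentToScope, FromAddressContainsWords,
                ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerFallbackAction
```

Because the condition matches any external message whose sender address contains the company domain, mail from legitimate third-party services that send with your domain in the From address will also receive the banner.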