Microsoft 365 from GoDaddy Help

Tips for protecting my email

Email is one of the main methods businesses use to communicate, so it's essential to keep your email secure from malicious activity which could disrupt your productivity or even harm your reputation.

If your email has spam, phishing links, viruses, or malware, your messages might be moved to your recipients' junk folders or be completely blocked. To protect yourself from compromise, you need to understand common attack methods and how to prevent them.

Common attack methods


Phishing emails try to mimic an actual business to trick recipients into giving their personal information. For example, if the recipient follows a link from the email that goes to a false sign-in page, the attacker could collect their email address and password for malicious use.

Phishing emails often appear legitimate but with a few subtle differences. Look out for the following:

  • The sending email address doesn't match the company, such as a typo in the domain name (like @micr0soft).
  • Links which say they go to one place but really go somewhere else. Hover over any links to see where they'll actually send you.

Learn more about phishing emails.

Social engineering

Social engineering is manipulating people to give up confidential information or access. This can happen through email, social media, or in person. In these interactions, a social engineer will attempt to obtain information about you or your business, and then use it to access your email or GoDaddy account.

With social engineering, watch out for the following:

  • Sense of urgency.
    Example: I'm trying to help a customer and need this right now!
  • Impersonating a valid source to seem legitimate.
    Example: I'm from GoDaddy. I need to leave in five minutes and need to access your account right now.
Note: GoDaddy will never ask for your account password, or the multi-factor authentication (MFA) code to your email address or GoDaddy account.

Viruses or malware

Any messages from unknown or unexpected senders should be treated with extreme caution. They can contain viruses or malware which are downloaded from attachments or images.

As a precaution, many email clients automatically block images on incoming messages until told to show them. If you choose to always show images from a sender, make sure you have an established relationship.

Never open attachments from unknown senders.

Best practices to protect yourself

Know the signs of a threat

Knowing what to look out for is the biggest step you can take to secure yourself. No single best practice is guaranteed, so being alert for suspicious activity is one of your best defenses.

Make sure you regularly stay informed about new attack methods and educate all users on best practices. This helps everyone remain vigilant and take extra precautions.

Use strong passwords

Strong passwords help prevent your email sign-in from being easily guessed. Your Microsoft 365 email password needs to be 9-32 characters long and can't contain invalid characters or spaces.

When choosing a password, consider these best practices:

  • Use a passphrase (a combination of unrelated words) that’s easy for you to remember while still difficult to guess. Check out this article on building better passwords from the National Institute for Standards and Technology (NIST).
  • Don't reuse passwords. Unique passwords for each sign-in prevents bad actors from accessing any other accounts if they obtain your password.
  • Always sign out of your account when you use a device you share with other people.
  • Never share your password.

Enable multi-factor authentication (MFA)

MFA is a second method of proving your identity when signing in. Consider adding MFA to your GoDaddy and Microsoft 365 accounts. Then if a username and password is ever compromised, MFA stops the attacker from accessing the account because they won't have access to the next level of required authentication.

When setting up MFA on your email, we recommend the Microsoft Authenticator app. It creates a one-time code, which is more secure than one-time codes sent by SMS.

Security defaults make it easier to secure and help protect your organization with default settings that Microsoft manages on behalf of your organization. Enabling security defaults will require all users to set up MFA. Alternatively, you can require specific users to set up MFA by enabling and enforcing MFA.

Regularly scan your devices

Sometimes, despite our best efforts, something accidentally infects our devices. Regularly scanning all devices for viruses and malware helps find and remove these threats, hopefully before they cause any damage or collect sensitive information. Consider scanning at regular intervals such as daily, weekly, or biweekly.

If you suspect a compromise, immediately disconnect your device from the internet or your network. Use a device you know is clean to change the password to your email address (and any other compromised accounts), and then scan the potentially infected device for viruses and malware.

Regularly update your devices

When your devices have routine updates, these can range from new features to security updates for newly discovered vulnerabilities. Bad actors will exploit any vulnerabilities, so make sure you're updating devices regularly to stay secure.

Also make sure you’re using the most recent operating systems available for your device. Using the most recent operating system helps protect against current threats. Windows, Mac, Android, and iOS are examples of common operating systems. Check out the help documentation for your device's operating system to determine if you're using the most recent version and how to update it.

Consider additional scanning for emails

View and manage your threat protection policies in the Microsoft 365 Defender portal, including anti-malware and anti-spam policies. You can also create new policies in addition to the default policies.

More info

Share this article