Microsoft Copilot in Outlook (on the web and desktop) can help you evaluate an email for legitimacy, identify potential spam or phishing indicators, and improve confidence before responding, clicking links, or opening attachments.
When to Use Copilot for Email Validation
Use Copilot when:
An email feels urgent, threatening, or unusually persuasive
The sender requests credentials, payments, gift cards, or sensitive data
Links or attachments are unexpected
The message claims to be from IT, Finance, HR, a vendor, or an executive
The tone, grammar, or formatting feels inconsistent with the sender
Copilot does not replace security tools or user judgment, but it provides an additional layer of analysis and advice.
Using Copilot in Outlook on the Web
Open Outlook on the web (https://outlook.office.com).
Select the email you want to review.
Click the Copilot icon from the toolbar.

Enter one of the prompts listed below to analyze the message.
Review Copilot’s feedback carefully before taking action.
Using Copilot in Outlook Desktop (Windows or macOS)
Open Outlook Desktop.
Select the email you want to validate.
Click the Copilot icon in the top right-hand corner of the Outlook application.

Type or paste a validation prompt from the list below.
Evaluate the results and decide whether to proceed, report, or delete the message.
Recommended Copilot Prompts for Spam and Phishing Validation
You can copy and paste any of the following prompts into Copilot.
General Legitimacy Check
"Analyze this email for signs of spam, phishing, or social engineering. Highlight any red flags."
"Does this email appear legitimate based on sender, tone, and content? Explain why or why not."
Sender and Context Validation
"Does the sender and message content align with normal business communication patterns?"
"Is this email consistent with how this sender usually communicates with me?"
Link and Attachment Review
"Review this email for risky links or suspicious attachments and explain the concerns."
"Are there any URLs or attachments in this message that could pose a security risk?"
Urgency and Manipulation Detection
"Identify any urgency, fear-based language, or pressure tactics used in this email."
"Does this email attempt to manipulate the recipient into taking immediate action?"
Credential and Financial Risk Check
"Does this email request sensitive information, credentials, or payment in a suspicious way?"
"Assess whether this message could be attempting account compromise or financial fraud."
Interpreting Copilot’s Response
Copilot may identify:
Spoofed or mismatched sender details
Unusual tone, grammar, or formatting
Requests that violate normal policy or process
Hallmarks of phishing or business email compromise
If Copilot flags concerns:
Do not click links or open attachments
Do not reply to the sender
Use Outlook’s Report Phishing or Report Junk feature
Best Practices and Limitations
Copilot provides analysis, not guarantees
Always rely on organizational security policies for final decisions
When in doubt, report the email rather than engaging
Use Copilot as a learning tool to improve long-term threat awareness