Reporting Phishing and Suspicious Email in Microsoft Outlook

Microsoft - Reporting Phishing

If you receive a suspicious email and believe it could be a phishing attempt, it's important to report it quickly to help protect yourself and others from potential security threats. Follow these simple steps to report suspected phishing emails using Microsoft Outlook's built-in Report Message feature.

Got Phished! Now What?

If you've interacted with (entered username/password) or given personal information in response to a phishing email or on a suspicious webpage, your account may be compromised. Follow the instructions on our Got Phished! Now what?

On This Page

- 1.1 Got Phished! Now What?
2 How to Spot Phishing Emails
3 Report Suspected Phishing Emails in Outlook

How to Spot Phishing Emails

If you receive an email, be sure to consider the following:

Check the URL:
- On mobile: Press and hold the link to view the URL.
- On desktop: Hover over the link to see the URL in the lower left corner.
Asking for credentials?
- Legitimate services will not ask for or need your credentials to assist you.
Check the login screen:
- Don’t enter your password unless you’re sure it’s safe.
Expecting the document?
- Be wary of unexpected links or documents. Contact the sender if you are unsure.
Know the sender?
- If the sender is unfamiliar or the message feels off, confirm directly with the person.
Clear document title?
- Don't open the document out of curiosity if the message is vague.
Is there an ask?
- Be suspicious when being asked for a favor.
The deal is too good to be real.
- A free piano or other offers aren't always what they appear to be.

If you suspect an email is phishing, report it using Microsoft Outlook.

Report Suspected Phishing Emails in Outlook

1. Select the Suspicious Email

In your inbox, locate the email you believe is a phishing attempt.
Do not click on any links or download any attachments from this email.

2. Access the "Report Message" Button

Outlook Desktop and Web App:
- Select the Report Message envelope icon in the top right corner of the selected email.
- Then select (Note this option will also allow you to report non-malicious emails as Junk.)
Alternatively, in the top ribbon of Outlook, find the Report Message or Report
- Click the down arrow below it and select Phishing from the drop-down menu.

Microsoft Outlook Report Message Button

If you use the older version of Outlook, you can use the Report Message button from the top ribbon.

Microsoft Outlook Report Message Button

Outlook for iOS:
- Select the email you'd like to report.
- Tap (...) at the top of the screen.
- Select Report Phishing from the dropdown menu.

Outlook for Android iOS:
- Select the email you'd like to report.
- Tap (...) at the top of the screen.
- Select Report Phishing from the dropdown menu.

3. Confirm the Report

A pop-up window may appear asking if you want to report the email to Microsoft as phishing.
Click Report to submit the email for review.

4. Email is Automatically Reported

The email will be automatically reported to ITS and Microsoft’s security team for investigation.
The message will be moved from your inbox to your Junk or Deleted Items

After Reporting:

Do not reply to the email or engage with the sender.

If you need more information or assistance with verifying any email messages, please do not hesitate to contact your local IT support team. You can also contact the ITS Service Center at 315.443.2677 and help@syr.edu or the ITS Security Department at infosec@syr.edu.