Suspected phishing email - reporting
Summary
This guide helps you troubleshoot and resolve: Suspected phishing email - reporting. Follow the steps below to fix the issue.
Common Causes
Reporting a Suspected Phishing Email - Business User Guide
Problem
You received an email that looks suspicious — it could be a phishing attempt to steal your credentials or infect your computer with malware.
What is Phishing?
Phishing emails try to trick you into:
- Clicking malicious links
- Downloading malware
- Providing passwords, credentials, or financial information
- Transferring money or sensitive data
Red Flags to Watch For
- Urgent or threatening language ("Your account will be closed!")
- Suspicious sender (e.g., support@company-secure.com instead of support@company.com)
- Requests for sensitive information (passwords, bank details, employee data)
- Mismatched URLs (hover over links to see the real destination)
- Poor spelling and grammar
- Unexpected attachments from unknown senders
- Too good to be true offers
How to Report a Phishing Email
Method 1: Use Outlook's Built-in Report Feature (Recommended)
1. Select the email in your inbox
2. Go to the "Home" or "Message" tab in the ribbon
3. Look for:
- "Report" → "Report Phishing"
- Or "Junk" → "Report as Phishing"
4. Click the option to report the email
5. Confirm if prompted
6. Delete the email from your inbox
Method 2: Forward to IT Security Team
1. Forward the suspicious email to: [your company's security email]
- Common addresses: security@company.com, phishing@company.com, itsecurity@company.com
2. Do not click any links in the email before forwarding
3. In the subject line, write: "Suspected Phishing - [brief description]"
4. Provide context: "Received from unknown sender claiming to be..."
Method 3: Use the Microsoft Report Message Add-in
1. If installed, you'll see a "Report Message" button in the email
2. Click it → select "Phishing"
3. The email will be reported to Microsoft and your IT team
What to Do If You've Clicked a Suspicious Link
1. Don't panic — but act quickly
2. Don't enter any passwords or credentials
3. Disconnect from the internet (disable Wi-Fi/Ethernet)
4. Don't download or run anything from the email
5. Contact IT immediately and explain what happened
6. Change your passwords from a different, safe computer
7. Monitor your accounts for unusual activity
What NOT to Do
- ❌ Don't reply to the suspicious email
- ❌ Don't forward it to colleagues (only to IT/security)
- ❌ Don't download attachments
- ❌ Don't click any links, even to "unsubscribe"
- ❌ Don't call any phone numbers in the email
After Reporting
- IT will investigate the email
- The malicious sender may be blocked
- Additional warnings may be sent to the company
- You did the right thing by reporting!
Need More Help?
Contact IT Support immediately if:
- You've clicked a link or provided information
- You're unsure whether an email is legitimate
- You notice unusual account activity after receiving a suspicious email
When in doubt, throw it out — and report it!