How to Report a Phishing Email (Report Phish Button)

How to Report a Phishing Email (Report Phish Button)

The Report Phish Button (formerly known as the Phish Alert Button) is built into Microsoft Outlook and allows you to quickly report suspicious or potentially harmful emails. Using this button ensures phishing attempts are reviewed promptly and handled consistently.

Why use the Report Phish Button?

• Helps protect SFA. Reported messages are reviewed so phishing campaigns can be stopped quickly.
• Protects your account. Early reporting helps block malicious links and attachments.
• Saves time. One click reports the message—no forwarding or ticket creation required.

When should I use the Report Phish Button?

Use the Report Phish Button whenever you receive an email that seems suspicious or doesn’t look right, including:

• Requests for usernames, passwords, or financial information
• Urgent or threatening messages (for example, “your account will be locked”)
• Unexpected attachments or links
• Emails from unknown senders or messages that appear spoofed

What happens after I click Report Phish?

1. The email is sent to IT Security for review.
2. The message is removed from your inbox and placed in Deleted Items.
3. If reported by mistake, the email can be recovered from Deleted Items.
4. If confirmed as phishing, additional steps are taken to protect campus accounts.

How to use the Report Phish Button

The Report Phish Button is available in Outlook on desktop, web, and mobile devices.

Outlook (Desktop)

1. Select the suspicious email.
2. Click the Report Phish button in the Outlook ribbon.
3. Confirm when prompted.

Outlook on the Web (Microsoft 365)

1. Open the suspicious email.
2. Click the Report Phish button in the toolbar.
3. Confirm when prompted.

Outlook Mobile App (iOS / Android)

1. Open the suspicious email.
2. Tap the More Options menu (three dots).
3. Select Report Phish.
4. Confirm when prompted.

Need Help?