Suspicous Emails (Phishing)
This guide provides clear, step-by-step instructions for identifying and reporting phishing emails using Microsoft Outlook (2016, 2024, and Outlook Web App). It outlines the proper use of the built-in reporting tools, explains how to safely handle suspicious messages, and offers best practices to protect yourself and the university from email-based threats. 

Handling Suspicious Emails
“I think I’ve received a Phishing email! What should I do?!” 
 
 Do not click on Links or open Attachments 
 Avoid Interacting with any content in the email 
 Verify the Sender 
 Use the Report Phishing button in Outlook to report phishing emails to the IT Department Outlook (New) Click this link to view instructions 
 Remove the phishing email from your inbox and trash folders after reporting it to IT

Identifying Phishing
1. Suspicious Senders 
 
 Check the Sender’s email address 
 Look for subtle misspellings or unusual domain names 
 
 2. Generic Greetings 
 
 Be cautious of generic greetings 
 Phishing emails often use greetings like “Dear Customer” instead of your actual name 
 
 3. Urgent or Threatening Language 
 
 Beware of emails that create a sense of urgency or fear 
 Phrases like
 “Your account will be suspended,” 
 “Immediate action required,” or 
 “URGENT” 
 
 May also promise rewards of some kind 
 
 4. Mismatched URLs 
 
 Ensure the URLs in the email match the legitimate website 
 Hover over links to see the actual URL 
 
 
 Poor Grammar and Spelling 
 
 Look for spelling and grammatical errors 
 Phishing emails often contain typos and awkward phrasing 
 This is often due to attackers using Google Translate to translate into English 
 
 Unexpected Attachments or Links 
 
 Do not open unexpected attachments or click on suspicious links 
 A link might say ‘www.yourbank.com’ but actually lead to a different website 
 Do not open an attachment if it is a .exe (Windows) or .dmg (MacOS) 
 
 Request for Personal Information 
 
 Legitimate organizations will not ask for sensitive information via email 
 Emails asking for passwords, Social Security numbers, or credit card details are likely phishing attempts 
 
 
 If you Suspect an email is Phishing 
 If you suspect that an email is a phishing attempt, please refer to Handling Suspicious Emails and follow the instructions to report the email to the IT Department. 

Outlook (Classic)
Navigate to  Inbox 
 Select the email you wish to report, and ensure the email is highlighted 
 Under the Home tab, In the far-right corner, select Phish Alert Report 
 The email is reported to the IT Department for review

Outlook (New)
Navigate to  Inbox 
 Select the email you wish to report, and ensure the email is highlighted 
 Select the Home tab 
 Use the Report button (located next to Reply) to report the email 
 A popup will appear asking if you’re sure you’d like to report the email. Select Report 
 The email is reported to the IT Department for review 
 These instructions also apply to Outlook Web Online (OWA)