How do I report a suspected phishing email scam?
When you report a suspected phishing email scam, you help sound the alert and keep others safe.
Once the email is flagged, Stanford University’s Information Security Office (ISO) can evaluate the threat. This also allows ISO to quickly take action to protect others on the Stanford network, including technical steps and communications efforts to alert the proper communities.
Let’s look at the two main ways you can report suspected phishing.
1: Use the Phish Reporter Button
For Outlook users, the fastest and easiest way to report a suspected phishing attempt is to use the built-in Phish Reporter Button.
Note: The button says "Report Phish" in the Outlook desktop client, but “Report Phishing” in the Outlook web app (OWA) and mobile app.
Follow these instructions on how to use the button. Instructions include using the button in your Outlook desktop application (installed), Outlook web app, and Outlook mobile app.
Don't see the Phish Reporter Button in your OWA? Follow these instructions to add it.
Note about the Phishing Awareness Program at Stanford: We recently started the process of switching to a new Phishing Awareness Program vendor. The main visible change for end users is that the Phish Reporter Button is different and the message pop-up when a phish is reported will have "Stanford | University IT" branding.
Once you click the Phish Reporter Button, you'll see a message thanking you for reporting.
If the message was sent as part of the Phishing Awareness Program (applicable for staff and faculty only), the message you see will confirm it was a training email.
2: Forward the email to email@example.com
Another option is to forward a suspected phishing or spam message to the email address firstname.lastname@example.org to be evaluated.
If a member of ISO reaches out to you about a report, you may be asked to forward the suspicious email again as an attachment. Get instructions at uit.stanford.edu/phishing/forwardspam.
If you report by forwarding the message, you will receive an auto-reply message as confirmation that the message sent successfully. You might not receive any additional response, but you can be assured that ISO will evaluate the threat and take necessary steps.
Let’s do this
Now that you know how and why to report suspected phishing emails, you’re prepared to use your skills for good! We can all help each other with this simple step.