Skip to content Skip to site navigation

How to Forward a Suspected Phishing Email to the Information Security Office

Important Notice:
Due to the volume of reports received on a daily basis, not all reports to the phishing mailbox are able to be given an individual reply. However, the Information Security Office does analyze the reports in aggregate to monitor for large scale attacks and identify malicious links that can be blocklisted on the campus network.

Please refrain from forwarding any spam emails. Instead, utilize your email client's native function to block them directly.

Instruction:
The information Security Office (ISO)'s preferred method to report phishing messages: 

1. Use the Phish Reporter button in Outlook. 
2. Forward email to phishing@stanford.edu.  

Sending email as attachments:
If a member of the Information Security Office reaches out to you about a report, you may be asked to forward the suspicious email again as an attachment. Below are instructions for doing so in various email applications:


Webmail:

  1. Create a new email message.
  2. Click the Open Separate Window icon Webmail email window icon at the top right corner of the new email message window. The email message opens as its own window within your browser.
  3. Organize your browser windows so you can see your list of emails and the new message window.
  4. Click and drag the suspicious email to the new message window. The suspicious email becomes an attachment to the new message. 
    Note: If your email is in Conversation view, the attachment will include all the messages within the conversation. To just attach a specific message, change your email display setting to Messages and then attach it.
  5. In the new message window To: line, enter the address of the requesting party or phishing@stanford.edu.
  6. Enter any relevant information in the message text box.
  7. Click Send.​

Microsoft Outlook:

  1. Create a new email message.
  2. Arrange your windows so you can see the main Outlook client window and the new message window.
  3. Click and drag the suspicious email from your Outlook window to the new message window. The suspicious email becomes an attachment to the new message.
  4. In the new message window To: line, enter the address of the requesting party or phishing@stanford.edu
  5. Enter any relevant information in the message text box.
  6. Click Send.

Gmail:

  1. From a browser, open Gmail.
  2. Open the suspicious email.
  3. Next to the Reply arrow icon , click the down arrow .
  4. Click Show original.
    The headers will show in a new window, including the authentication results field.
  5. Highlight and copy all of the text in the box below Download Original.
  6. Return to Gmail.
  7. Create a new email.
  8. Paste the contents of the text box into the message of the new email.
  9. Send the email to the requesting party or phishing@stanford.edu.

Inbox by Gmail:

  1. From a browser, open Inbox by Gmail.
  2. Open the suspicious email.
  3. Inside the email, click the more icon .
  4. Click Show original.
    The headers show in a new window, including the authentication results field..
  5. Highlight and copy all of the text in the box below Download Original.
  6. Return to Inbox by Gmail.
  7. Create a new email.
  8. Paste the contents of the text box into the message of the new email.
  9. Send the email to the requesting party or phishing@stanford.edu.
Last modified March 6, 2024