Body
Report Phishing E-mail
Phishing emails are malicious messages that attempt to trick recipients into providing sensitive information or performing fraudulent tasks. Users can report any suspicious or malicious message to UL Lafayette IT Security Operations (ITSO) for review through the Report options in Outlook.
Phishing emails may
- Request information like passwords or personally identifiable information
- Attempt to direct users to malicious sites or downloads
- Impersonate users to perpetuate financial scams
- Use urgency or pressure to encourage recipients to respond to the message
All reported phishing messages are reviewed so that appropriate actions can be taken against phishing emails and malicious links. Your report is an effective and helpful way to help protect the UL Lafayette community from malicious messages!
More information about phishing and additional resources are available here: Phishing Scams
How to Report
The Report Phishing option is available by default on supported versions of Outlook. Select an option below to jump to the relevant section.
Outlook Desktop and Web Apps
Select the email in the message list or double click the message to open it in a new window. Use the "Report" dropdown on the ribbon to choose “Report Phishing.”
The appearance of the ribbon may differ slightly between platforms, but the “Report” dropdown with the “Report Phishing” option will have a similar appearance and location.
This example is from Microsoft 365 Outlook Classic on Windows
This example is from Outlook on the Web.
The “Report” options are also available after right clicking the email in the message list.
[back to top]
Outlook for iOS
Select the email and tap the “…” option at the top of the screen. From the menu, select “Report Junk”
From the pop-up, select “Phishing”
Additional information can be found at Microsoft's Support site.
Outlook for Android
Select the email and tap the “…” button at the top of the screen. From the menu, select "Report Phishing"
[back to top]
Other Reporting Options
If you are unable to submit a message as phishing through one of the Outlook reporting options above, forward the message to abuse@louisiana.edu directly or by adding the suspicious message as an attachment to an email to abuse@louisiana.edu.
If the forwarded message does not contain all the information for review, Security will coordinate with you to get any additional context needed to evaluate or remediate the phishing message.
What happens after a message is reported?
When a message is reported through Outlook, the reported message will be sent to deleted items, and the potential phishing message (which includes all message content, links, attachments, and headers) will be sent to UL Lafayette IT Security for assessment.
The reported message will be reviewed by security staff to determine if the message is malicious, safe, or spam.
- Malicious messages will be addressed by UL Lafayette IT Security support team. This may include blocking known malicious links and senders, removing malicious messages from the UL Lafayette environment, and monitoring for compromised accounts or other impacts. Users can expect to receive a response from UL Lafayette IT Security via a TeamDynamix response sent by email indicating that the message was phishing.
- Safe messages will be acknowledged to the reporting user. If UL Lafayette IT Security and Policy determines the message is safe and may require additional review, users can expect to receive a response from Security indicating that the message was safe and that it can be retrieved from the user’s deleted items folder.
- Spam messages that are not malicious in nature like unsolicited sales offers or newsletters will be discarded with no additional action. We recommend unsubscribing or configuring inbox rules/junk mail rules to address these messages. Reporting spam or junk mail to UL Lafayette IT Security will not prevent similar messages in the future.
- Messages reported as “junk” through the reporter are NOT sent to UL Lafayette ITSO and are only evaluated by Microsoft.
If you receive a follow up to a phishing report, you can always reply to the report response if you have additional questions or concerns that need to be addressed.
If you have any other questions, concerns, or issues with phishing messages or the phishing reporter, please contact the UL Lafayette IT Security team at abuse@louisiana.edu.
[back to top]