Reporting Phishing Email
On this page:
Q: How can I report phishing to the IS&T Security Team?
Report Phishing with the Phish Alert Button
When viewing a phishing message in Outlook
- Click the Phish Alert button. If you do not see it, see how to enable it below.
Result: The reporting pane opens.
- Select the Phishing option. If you are suspicious about the email but unsure or would like to ask a question please use the comment box on the report. Click the Report Phishing button.
Result: The message is reported to MIT's security team.
When viewing a phishing message in O365 https://outlook.office.com
- Click the ... "More Options" menu and select Phish Alert.
You can make the button appear by default on the message surface (see below).
- If you are suspicious about the email but unsure or would like to ask a question please use the comment box on the report. Click the Report Phishing button.
Add the Phish Alert Button to the Surface View of O365 Messages
This button is always available in the "more options" section of your O365 messages (as above). For one-click reporting, you need to update your settings to show the button on the message pane.
- Login to O365 at https:outlook.office.com.
- At the top of the page, select Settings (gear icon) > View all Outlook settings.
- Select Mail > Customize actions.
- Scroll down to the "Message Surface" section and check the box next to "Phish Alert"
- Click Save.
Result: You will see the "Phish Alert" button on the surface of your messages as in this example. This example is not a phishing email and need not be reported. If this were a phishing message, you should click the button to report it.
You can add the button to other email clients as well. For more information, see: https://www.knowbe4.com/phish-alert
Add the Phish Alert Button to Outlook
- Go to:
- Windows: File > Options > General > Privacy Settings
- Mac: Outlook > Preferences > Privacy
- Check the box next to Turn on optional connected experiences
- Restart Outlook.
Report via email@example.com
Please report phishing emails to the IS&T Security team via firstname.lastname@example.org. We can take steps that will protect other users on the MIT network from falling victim to the phish. Note that these reports must originate from an mit.edu email address or they will be filtered out. Please do not cc: any other support-related email addresses.
It is important to note that the best way to report phishing is to forward the original message as an attachment. That will include all the technical details we need. Please take the time to follow these steps so that we can address the issue from as many angles as possible and track down the original source.