Access Keys:
Skip to content (Access Key - 0)

Reporting Phishing Email

On this page:

Q: How can I report phishing to the IS&T Security Team?

Report Phishing with the Phish Alert Button

When viewing a phishing message in Outlook

  1. Click the Phish Alert button. If you do not see it, see how to enable it below.

    Result: The reporting pane opens.

  2. Select the Phishing option. If you are suspicious about the email but unsure or would like to ask a question please use the comment box on the report. Click the Report Phishing button.
    Result: The message is reported to MIT's security team.

When viewing a phishing message in O365

  1. Click the ... "More Options" menu and select Phish Alert.

    You can make the button appear by default on the message surface (see below).

  2. If you are suspicious about the email but unsure or would like to ask a question please use the comment box on the report. Click the Report Phishing button.

Add the Phish Alert Button to the Surface View of O365 Messages

This button is always available in the "more options" section of your O365 messages (as above). For one-click reporting, you need to update your settings to show the button on the message pane.

  1. Login to O365 at
  2. At the top of the page, select Settings (gear icon) > View all Outlook settings.
  3. Select Mail > Customize actions.
  4. Scroll down to the "Message Surface" section and check the box next to "Phish Alert"

  5. Click Save.
    Result: You will see the "Phish Alert" button on the surface of your messages as in this example. This example is not a phishing email and need not be reported. If this were a phishing message, you should click the button to report it.

You can add the button to other email clients as well. For more information, see:

Add the Phish Alert Button to Outlook

  1. Go to:
    • Windows: File > Options > General > Privacy Settings
    • Mac: Outlook > Preferences > Privacy
  2. Check the box next to Turn on optional connected experiences
  3. Restart Outlook.

Report via

Please report phishing emails to the IS&T Security team via We can take steps that will protect other users on the MIT network from falling victim to the phish. Note that these reports must originate from an email address or they will be filtered out. Please do not cc: any other support-related email addresses.

It is important to note that the best way to report phishing is to forward the original message as an attachment. That will include all the technical details we need. Please take the time to follow these steps so that we can address the issue from as many angles as possible and track down the original source.

See also

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

January 19, 2023

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
spam spam Delete
phishing phishing Delete
phishing-email phishing-email Delete
c-spam-filtering c-spam-filtering Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki