Access Keys:
Skip to content (Access Key - 0)

Reporting Phishing Email

On this page:

Q: How can I report phishing to the IS&T Security Team?

The best and easiest way to report phishing is through the Phish Alert Button. Please do not report messages that are already in your Junk folder. If you email please see the instructions below and please do not cc: any other support-related email addresses. This will create duplicate tickets and slow down our response.

Report Phishing with the Phish Alert Button

When viewing a phishing message in Outlook

  1. Click the Phish Alert button. If you do not see it, see how to enable it below.



    Result: The reporting pane opens.



  2. Select the Phishing option. If you are suspicious about the email but unsure or would like to ask a question please use the comment box on the report. Click the Report Phishing button.
    Result: The message is reported to MIT's security team.

When viewing a phishing message in M365 https://outlook.office.com

  1. Click the ... "More Options" menu and select Phish Alert.



    You can make the button appear by default on the message surface (see below).

  2. If you are suspicious about the email but unsure or would like to ask a question please use the comment box on the report. Click the Report Phishing button.



Add the Phish Alert Button to the Surface View of M365 Messages

This button is always available in the "more options" section of your M365 messages (as above). For one-click reporting, you need to update your settings to show the button on the message pane.

  1. Login to M365 at https:outlook.office.com.
  2. At the top of the page, select Settings (gear icon) > View all Outlook settings.
  3. Select Mail > Customize actions.
  4. Scroll down to the "Message Surface" section and check the box next to "Phish Alert"




  5. Click Save.
    Result: You will see the "Phish Alert" button on the surface of your messages as in this example. This example is not a phishing email and need not be reported. If this were a phishing message, you should click the button to report it.

You can add the button to other email clients as well. For more information, see: https://www.knowbe4.com/phish-alert

Add the Phish Alert Button to Outlook

  1. Go to:
    • Windows: File > Options > General > Privacy Settings
    • Mac: Outlook > Preferences > Privacy
  2. Check the box next to Turn on optional connected experiences
  3. Restart Outlook.

Report via phishing@mit.edu

We strongly prefer the Phish Alert Button reports, but if you are unable to use the button you can report phishing emails to the IS&T Security team via forwarding the phishy email as an attachment to phishing@mit.edu. Note that these reports must originate from an mit.edu email address or they will be filtered out. Submissions without the .eml attachment may also be filtered out.

Please do not cc: any other support-related email addresses. This will create duplicate tickets and slow down our response.

It is important to note that the best way to report phishing is to forward the original message as an attachment. That will include all the technical details we need. Please take the time to follow these steps so that we can address the issue from as many angles as possible and track down the original source.

See also

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

November 14, 2023

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
spam spam Delete
phishing phishing Delete
phishing-email phishing-email Delete
c-spam-filtering c-spam-filtering Delete
report report Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki