Using the Report Phish button in Outlook

Overview

The Report Phish button in Outlook provides a new way to report suspicious email messages to the UO Information Security Office. This article includes the following information:

Requirements

Starting in early December 2021 the Report Phish button will be made available for all members of the UO community who:

Note: The Report Phish button will work only when someone accesses their own email account directly, not when they use delegated access to review someone else's email.

If you believe you meet the above requirements and you're not seeing the Report Phish button, please submit a ticket at Email and Calendar Help.

The Report Phish button isn't available to Webmail users, even if you use the Outlook application to access your email. Students on Webmail who want to switch to UOmail can visit the UOmail for Students webpage.

Finding the Report Phish button

In Outlook for Windows

Click on the message you want to report. In the toolbar, locate the Home tab to find the Report Phish button. 

Home tab with Report Phish button highlighted

In Outlook for macOS

To report an email using Outlook macOS client, click on the message you want to report. Click on the ellipsis (three dots) in the upper right hand corner under the time and select Report Phish.

Options Menu with Report Phish highlighted

Note: You may add the Report Phish button to the tool bar, by selecting Customize Toolbar... and dragging the button to the tool bar.

In the Outlook app on a mobile device

Click on the message you want to report. Click on the ellipsis (three dots) on the right side of the page (This is the same menu you would use to reply to the message).

Then select Report Phish in the menu. 

Report Phish button with the Outlook mobile app

In Outlook on the web

In Outlook on the web (via uomail.uoregon.edu), click on the message you want to report. Click on the ellipsis (three dots) on the right side of the page (This is the same menu you would use to reply to the message). Select Report Phish in the menu.

Ellipsis menu with the Report Phish option highlighted

Using the Report Phish button

Deciding whether to report a message

The Report Phish button should only be used to report emails you believe are malicious phishing attempts, not spam. When in doubt, please report the message.

  • Phishing is a malicious attempt to obtain sensitive information by disguising as a trustworthy website, person, or company. Personal information—such as a password, credit card, bank account number, or Social Security number—is an example of information attackers in a phishing campaign might seek.
  • Spam is unsolicited commercial email, sent to recipients in bulk. Often spam messages are from a company trying to sell you something. While these emails can be a nuisance, they are not considered malicious.

Reporting a message

  • Once you've decided to report the message, look for the Report Phish button either within the message preview pane or in the toolbar.
  • In the dropdown menu that appears, click Report Phish.
  • If the Information Security Office has already deemed the message safe, you'll get a popup message to that effect.
  • Otherwise, you'll be asked to confirm that you want to report the message.
  • If you click yes, two things will happen to the message:
    • It will be forwarded to the Information Security Office for review.
    • It will be automatically moved to your junk folder. (If the email turns out to be legitimate and you later need it, you can move it back to your inbox.)

Removing the Report Phish button

  • If you want to remove the Report Phish button from Outlook, you can disable the add-in. You may see it referred to as both "Report Phish" and "PhishAlarm."
  • You can still report phishing to the Information Security Office by forwarding suspicious messages to phishing@uoregone.edu. 

Details

Article ID: 138896
Created
Fri 10/22/21 1:24 PM
Modified
Tue 11/23/21 3:08 PM