Phishing attacks are becoming increasingly commonplace; it’s no longer a question of ‘if’, but ‘when’. When you receive a phishing email, it’s important that you understand how to recognize the attack and take the appropriate action as outlined in your organization’s cybersecurity incident response plan. If you’re a Microsoft Outlook user, a common response to a potential phishing attack is utilizing the “Report Message” tool.

If you prefer video instruction, here’s a video of Aldridge CIO, Chad Hiatt, covering the “Report Message” tool for phishing:

How To Spot a Phishing E-Mail

Phishing emails come in a wide range of angles and sophistication. From poorly written emails asking you to buy gift cards to extremely realistic impersonations of trusted contacts sending you updated payment information. Regardless of the angle, phishing e-mails tend to have some common elements:

  • Attempting to appear to be from a trusted sender – someone or some organization that you’re familiar with
  • Requesting you to click on something
  • Urgent tone – want to rush you so you don’t have time to think about what you’re doing

It’s important that you are familiar with the main components of a phishing e-mail so even if you’re targeted with a new angle, you can still recognize it as a malicious email. Below is a more in-depth infographic covering common signs of phishing emails.

[infographic] How to Spot a Phishing E-Mail

How To Report a Phishing Email in Outlook

If you receive an e-mail that is raising red flags as a potential phishing e-mail it’s critical that you do not click on anything within the email. Instead, use the “Report Message” feature within Outlook. Reporting a phishing email using the “Report Message” tool does multiple things:

  • Removes the email from your inbox
  • Sends the message back to Microsoft to help improve their automated phishing detection systems
  • Protects your organization – if you’ve reported the message and Microsoft notices that other people in your organization have received the same message, they will pull that email from everyone’s inbox

This is how the “Report Message” tool appears:

Outlook Report Phishing Message

If you want to report a potential phishing message, click “Report Message”.

Microsoft Outlook Report Phishing Email

Select “Phishing” from the dropdown menu. The message should then disappear.

Cybersecurity is not just about what tools and technical security you have, it’s about your people and culture. If you want your business to be protected, security always needs to be part of the conversation. It is not a destination, it is a mindset. A key component of building that mindset is making sure your people are trained on how to protect your business and are regularly tested to ensure they’ve internalized their security training. If you’d like to learn more about security awareness training, check out this page.