Stay Informed

Phishing Detection and Reporting

Phishing Detection and Reporting

If you receive a phishing email

  • Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization’s website from your own saved favorite, or via a web search. Or call the organization using a phone number listed on the back of a membership card, printed on a bill or statement, or that you find on the organization’s official website.
  • If the suspicious message appears to come from a person you know, contact that person via some other means such as text message or phone call to confirm it.
  • Report the message (see below) – do NOT forward the message to anyone
  • Delete it.


How to report a phishing email

  • Microsoft Office Outlook Client – With the suspicious message selected, choose Report message from the ribbon, and then select Phishing. This is the fastest way to report it and remove the message from your Inbox, and it will help us improve our filters so that you see fewer of these messages in the future.
  • (web app) – Select the check box next to the suspicious message in your inbox. Select the arrow next to Junk, and then select Phishing.


What to do if you think you’ve been successfully phished

If you’re suspicious that you may have inadvertently fallen for a phishing attack, there are a few things you should do.

  1. While it’s fresh in your mind write down as many details of the attack as you can recall. Note any information such as usernames, account numbers, or passwords you may have shared (this is for your notes – DO NOT include passwords or account numbers in any reporting you do).
  2. Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you’re changing passwords you should create strong, unique passwords for each account.
  3. Confirm that you have multifactor authentication (MFA, also known as two-step verification) turned on for every account you can.
  4. If this attack affects your account, email with notification about the event – someone will contact you for further information. If you shared information about your credit cards or bank accounts, you may want to contact those companies as well to alert them to possible fraud.
  5. If you’ve lost money, or been the victim of identity theft, report it to local law enforcement. The details in step 1 will be very helpful to them.

View the resources below to learn more about spotting phishing emails and protecting yourself from them.



Mail this page!

Was this helpful?

Leave A Comment