How to Report a Phishing Scam or a Spam Email

Spammers are becoming more sophisticated in their methods to get people to reveal sensitive information.  Common examples include: 

  1. Phishing scams are an attempt to steal information, such as usernames, passwords, or other personal information, by sending official-looking emails from University administration, the IRS, or other professional entities. A good rule of thumb is that any email that asks for personal information is likely fraudulent.
  2. Spam emails are often attempting to sell products or drive traffic to a website. Spam emails are considered more of an annoyance than malicious, though websites linked in spam emails could contain malware or viruses. You can delete the messages, create a rule to mark as spam, or report directly to Microsoft (see below).
  3. Social engineering attacks are methods that try to get people to correspond to an account that seems credible but isn't and reveal sensitive information or click on malicious links. See Social Engineering Attacks: Common Techniques & How to Prevent an Attack for more information. 
  4. SMiShing is using text messages to either get someone to take action or click a link to compromise their account.  See What is Smishing for more information.

Current phishing examples seen on campus: email, text message/SMS

Check these pages for some recent messages. If you get a suspicious email or text message but don't see it listed, do NOT assume it is safe.

 

See How to Recognize and Avoid a Phishing Scam for more details.

If you are having issues with spam phone calls, see Blocking Incoming Telephone Calls

 

Outlook for Windows users

  1. Click the down arrow on the Report Phishing button 
    report phishing button outlook windows
  2. Click Phishing

Outlook on the web and Outlook for Mac users

  1. Click the Report button  
    report message button
  2. Select Report Phishing

Outlook mobile users

  1. Tap the three dots (...)
  2. Tap Report Junk
  3. Tap Phishing

For more information on the Report Message button, see Using the Report Message button

Forwarding the message as an attachment

  1. From your Inbox, open the phishing message

  2. Click the down arrow next to the More icon and click Forward as Attachment or press CTRL + ALT + F
    (depending on your view, you may need to click the three dots (…) and select Forward as Attachment)
    (Mac Outlook users -in the Inbox list, press CTRL+click on the message and choose Forward as Attachment)

  OR 

  1. This will now show as an empty email with the phishing email as an attachment.

  2. Send the email to the ui-phishing@uiowa.edu email address.

 

Please note:

  1. Take a screenshot of the phishing text messages on your personal device:
  2. Send the screenshots to ui-phishing@uiowa.edu, along with any other details about the messages, such as if they were sent to other individuals.
  3. If the SMS phishing message is sent to your email address, follow the steps for email phishing above to forward the email as an attachment. See Current SMS Phishing Examples for how to identify these types of messages.

  1. Select the message that is junk and move it to the Junk Email folder. Moving a message to the Junk Email folder will automatically be reported to Microsoft.

OR

  1. Use the Report Message Add-In feature

For more information about managing your Junk Email, see How Do I Manage Junk Email and Spam?

Article number: 
558
Last updated: 
March 14, 2023
Service: 
Phishing and Anti-Spam Efforts
Category: 
Get Started