Spammers are becoming more sophisticated in their methods to get people to reveal sensitive information.  Common examples include: 

  1. Phishing scams are an attempt to steal information, such as usernames, passwords, or other personal information, by sending official-looking emails from University administration, the IRS, or other professional entities. A good rule of thumb is that any email that asks for personal information is likely fraudulent.
  2. Spam emails are often attempting to sell products or drive traffic to a website. Spam emails are considered more of an annoyance than malicious, though websites linked in spam emails could contain malware or viruses. You can delete the messages, create a rule to mark as spam, or report directly to Microsoft (see below).
  3. Social engineering attacks are methods that try to get people to correspond to an account that seems credible but isn't and reveal sensitive information or click on malicious links. See Social Engineering Attacks: Common Techniques & How to Prevent an Attack for more information. 
  4. SMiShing is using text messages to either get someone to take action or click a link to compromise their account.  See What is Smishing for more information.

Check these pages for some recent messages. If you get a suspicious email or text message but don't see it listed, do NOT assume it is safe.

Current phishing examples seen on campus: email, text message/SMS

See How to Recognize and Avoid a Phishing Scam for more details.

If you are having issues with spam phone calls, see Blocking Incoming Telephone Calls

 

How to report a phishing scam to UI Phishing Team

Outlook for Windows users

  1. Click the down arrow on the Report Phishing button 

    report a message button in Outlook
  2. Click Phishing

Outlook on the web and Outlook for Mac users

  1. Click the Report button  

    Report Phishing button in Outlook
  2. Select Report Phishing

Outlook mobile users

  1. Tap the three dots (...)
  2. Tap Report Junk
  3. Tap Phishing

For more information on the Report Message button, see Using the Report Message button

Forwarding the message as an attachment

  1. From your Inbox, open the phishing message
  2. Click the down arrow next to the More icon and click Forward as Attachment or press CTRL + ALT + F
    (depending on your view, you may need to click the three dots (…) and select Forward as Attachment)
    (Mac Outlook users -in the Inbox list, press CTRL+click on the message and choose Forward as Attachment)
Forwarding a message sent as an attachment in Outlook

  OR 

Forward as attachment button in Outlook
  1. This will now show as an empty email with the phishing email as an attachment. If you want a response from IPRO, then you must make sure that the body of the email you’re sending contains at least one sentence that poses a question. For example, "Is this spam?" This can be placed in the subject as well.
  2. Send the email to the ui-phishing@uiowa.edu email address.

Please note:

How to report an SMS phishing scam to UI Phishing Team
  1. Take a screenshot of the phishing text messages on your personal device:
  2. Send the screenshots to ui-phishing@uiowa.edu, along with any other details about the messages, such as if they were sent to other individuals.
  3. If the SMS phishing message is sent to your email address, follow the steps for email phishing above to forward the email as an attachment. See Current SMS Phishing Examples for how to identify these types of messages.

How to report Spam to Microsoft
  1. Select the message that is junk and move it to the Junk Email folder. Moving a message to the Junk Email folder will automatically be reported to Microsoft.

OR

  1. Use the Report Message Add-In feature

For more information about managing your Junk Email, see How Do I Manage Junk Email and Spam?

Response from IRPO

After you have attached the suspected phishing email as an .msg (preferred) or .eml attachment and to ui-phishing@uiowa.edu, you will receive an email response from it-security@uiowa.edu when IPRO is done analyzing the message you reported

The response time will vary depending on multiple factors:

  • The position of your message in the queue
  • The size/character length of the message’s body that you want IPRO to analyze
  • System resources or network latency
  • Third-party API issues

Note: Please be aware that reported emails are evaluated by an LLM/AI. Therefore, the results outlined may be inaccurate. 

Example IRPO message: 

Screen shot of an email from the IT Security office showing the forwarded email is spam
Last updated
Article number
2631