Spammers are becoming more sophisticated in their methods to get people to reveal sensitive information. Common examples include:
- Phishing scams are an attempt to steal information, such as usernames, passwords, or other personal information, by sending official-looking emails from University administration, the IRS, or other professional entities. A good rule of thumb is that any email that asks for personal information is likely fraudulent.
- Spam emails are often attempting to sell products or drive traffic to a website. Spam emails are considered more of an annoyance than malicious, though websites linked in spam emails could contain malware or viruses. You can delete the messages, create a rule to mark as spam, or report directly to Microsoft (see below).
- Social engineering attacks are methods that try to get people to correspond to an account that seems credible but isn't and reveal sensitive information or click on malicious links. See Social Engineering Attacks: Common Techniques & How to Prevent an Attack for more information.
- SMiShing is using text messages to either get someone to take action or click a link to compromise their account. See What is Smishing for more information.
Current phishing examples seen on campus: email, text message/SMS
Check these pages for some recent messages. If you get a suspicious email or text message but don't see it listed, do NOT assume it is safe.
See How to Recognize and Avoid a Phishing Scam for more details.
If you are having issues with spam phone calls, see Blocking Incoming Telephone Calls
Outlook for Windows users
- Click the down arrow on the Report Phishing button
- Click Phishing
Outlook on the web and Outlook for Mac users
- Click the Report button
- Select Report Phishing
Outlook mobile users
- Tap the three dots (...)
- Tap Report Junk
- Tap Phishing
For more information on the Report Message button, see Using the Report Message button
Forwarding the message as an attachment
From your Inbox, open the phishing message
Click the down arrow next to the More icon and click Forward as Attachment or press CTRL + ALT + F
(depending on your view, you may need to click the three dots (…) and select Forward as Attachment)
(Mac Outlook users -in the Inbox list, press CTRL+click on the message and choose Forward as Attachment)
This will now show as an empty email with the phishing email as an attachment.
Send the email to the email@example.com email address.
- Take a screenshot of the phishing text messages on your personal device:
- Send the screenshots to firstname.lastname@example.org, along with any other details about the messages, such as if they were sent to other individuals.
- If the SMS phishing message is sent to your email address, follow the steps for email phishing above to forward the email as an attachment. See Current SMS Phishing Examples for how to identify these types of messages.