What is phishing?

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need (a request from their bank, for instance, or a note from someone in their company) and to click a link or download an attachment.

Step 1: Identify a Suspicious Email

Look for common signs of phishing or malicious emails:

  • Carefully check the URL in the address bar: Attackers come up with domain names that look almost like the legitimate ones (Ex: www.amaz0n.com, with a “0” in place of the “o”).
  • Urgent or threatening language.
  • Beware of forged/embedded links: To verify the legitimacy of the URL, move your cursor over the embedded link before clicking it and read the address it shows carefully.
  • Check the sender before opening or downloading any attachments.

Step 2: Use the “Report” Button (Microsoft 365)

  1. Select the suspicious email.
  2. Click the Report button in the toolbar.
    • In Outlook Desktop: Home > Report Message > Phishing or Junk
    • In Outlook Web: Click More actions > Report > Phishing

 

Step 3: Confirm and Submit

  • A confirmation window will appear.
  • Click Report to send the email to Microsoft and your security team.

Step 4: Delete the Email

  • After reporting, delete the email from your inbox and Deleted Items folder.