How to report phishing emails (Microsoft Outlook)


Received a suspicious email and suspect it’s a phishing scam?


Reporting it is critical to safeguard your data and aid in combating cybercrime.


In this article, discover the immediate steps to take for an impactful phishing email report.


We outline how to navigate the reporting process via Outlook, contact companies when they’re impersonated, and involve legal channels.


Keep reading to learn how to identify, report, and protect yourself against phishing schemes.


Key Takeaways

  • Phishing attacks target sectors handling sensitive data, and identifying scams through sender analysis, content review, and link verification is essential for personal and organizational safety.


  • To report phishing in Outlook, mark suspicious emails as ‘Phishing’ under ‘Junk’ and block the sender; also report to entities like Anti-Phishing Working Group, FTC, and the impersonated organization, especially if financial data is compromised.


  • After an incident, apply security measures such as changing compromised passwords, using a VPN, and keeping antivirus software updated.


  • Educate your network and employ preventative strategies like spam filters, regular system updates, and security education.

Your Essential Guide to a Phishing Email Report: Spot, Avoid & Report Scams


Phishing originated in the chat rooms of the early internet but has evolved to become one of the most damaging cybercrimes we face today.


In 2020, a staggering 241,324 phishing cases were reported, marking a dramatic increase of approximately 110% from the previous year.


Unsurprisingly, the most common targets of phishing attacks are:

  • Financial institutions
  • Ecommerce platforms
  • IT companies
  • Social media platforms
  • Delivery services

These industries are targeted due to the valuable personal or financial information and sensitive data they handle.


Phishing scammers use a range of tactics, including:

  • Email phishing
  • Spear phishing
  • Smishing (text messages)
  • Vishing (voice)
  • Whaling

These tactics take advantage of different communication channels to deceive their victims.


By identifying these scams, steering clear of their traps, and reporting them promptly, we can play a role in protecting our personal and financial data and contribute to a safer internet environment.


Identifying Phishing Emails


Learning how to identify phishing emails is crucial for protection against such scams, akin to mastering the tactics of an opponent in a game of strategy.


Fortunately, these deceptive messages frequently contain discernible clues that can serve as warnings of their nefarious purposes.


By scrutinizing sender information, evaluating the content of the email, and thoroughly checking links before engaging with them, we can avoid becoming victims of phishing schemes.


Recognize Suspicious Senders


Have you ever received an email that purportedly comes from a ‘reputable company’, yet something didn’t quite add up?


Legitimate organizations typically use their own email domains for official communications, not public email services like Gmail.


If there’s a mismatch between the sender’s email address and the organization they claim to represent, it’s often a clear indicator of a phishing attempt.



Scammers can be crafty. They may use variations or misspellings of legitimate domain names to appear trustworthy.


For instance, an email from ‘info@paypa1.com’ might look genuine at first glance, but the numeral ‘1’ replacing the letter ‘l’ reveals the scam.


Also beware of emails starting with general or unfamiliar greetings, another common sign of a phishing attempt.
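The two sender checks described in this section (a claimed brand that does not match the sending domain, and a look-alike domain such as paypa1.com) can be automated. The Python below is an added example, not part of the original article; the brand list, the free-mail list and the name `sender_findings` are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): brands and the domains they really send from.
KNOWN_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Digits commonly swapped in for letters, mapped back to the letter they imitate.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def sender_findings(from_header):
    """Return warning strings for one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # Simplification: treat the label left of the last dot as the registered name
    # (no public-suffix handling, so "example.co.uk" style domains are not covered).
    label = domain.split(".")[-2] if "." in domain else domain
    findings = []
    for brand, real in KNOWN_BRANDS.items():
        if domain == real or domain.endswith("." + real):
            continue  # the address really is on this brand's domain
        claims_brand = brand in display.lower()
        if label.translate(HOMOGLYPHS) == brand or edit_distance(label, brand) == 1:
            findings.append(f"{domain} imitates {real}")
        elif claims_brand and domain in FREE_MAIL:
            findings.append(f"claims {brand} but sent from public service {domain}")
        elif claims_brand:
            findings.append(f"claims {brand} but domain is {domain}")
    return findings


if __name__ == "__main__":
    # Constructed From: headers, including the article's paypa1.com case.
    for header in ("PayPal Support <info@paypa1.com>",
                   "PayPal <service.team@gmail.com>",
                   "PayPal <service@paypal.com>"):
        print(header, "->", sender_findings(header) or "no findings")
```
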


Analyze Email Content


Phishing emails commonly employ a sense of urgency combined with slight typographical errors to prompt immediate action.


These messages may falsely alert you that your bank account is in jeopardy and insist that by following a link to update your details on a deceptive phishing site, you can prevent the closure of your account.


Often, these communications aim to obtain personal data such as passwords or banking information.


Be wary if an email makes outlandish requests—such as unexpected internal correspondences bearing attachments or fraudulent web pages soliciting login credentials—which should serve as clear indicators of phishing attempts.


Always watch for signs like shoddy spelling or grammatical mistakes.


Unlike phishing emails, reputable institutions produce polished and error-free communication material.


Verify Before You Click


Phishing attempts can involve malicious web links and attachments designed to capture personal information or infect systems with malware.


So, before you click a link or open an attachment, verify its legitimacy.


Hover your mouse pointer over hyperlinks in emails to view the true destination URL without clicking.


You can check this at the bottom of most browsers or in a pop-up on mobile devices.


Don’t let your guard down if some links in a suspicious email appear credible; scammers often mix in legitimate links to lend credibility to their phishing trap.


Use online security services like VirusTotal to scan suspicious links and attachments for malware, providing a detection ratio to gauge the threat level.


Remember, never open email attachments unless you are certain they come from a trusted source.


Steps to Report Phishing Emails


Upon recognizing a phishing email, the immediate step to take is to report it.


Taking this measure not only safeguards your own security, but also assists in shielding others from falling prey to such scams.


This act of reporting is akin to warning those around you about an active thief.


These phishing emails can be reported to entities such as the Anti-Phishing Working Group (APWG), the Federal Trade Commission (FTC), and the company being mimicked by phishers.


Let’s explore how one should go about making such reports.


Reporting to Email Providers


It’s essential to inform your email service provider about phishing attempts.


On Gmail, this can be done by clicking the triangle dropdown located at the upper-right corner of a suspicious email and then selecting ‘Report phishing’.


For those using Outlook.com, you should select the suspicious message first and then navigate through ‘Junk’ > ‘Phishing’ > ‘Report’, which alerts Microsoft about the incident.


Reporting a phishing attempt does not, by itself, stop further emails from that sender.


To avoid future correspondence with such entities on Outlook.com, you need to add them to your blocked senders’ list.


As for users with Microsoft 365 Outlook accounts, they have an option called ‘Report message’, where they can subsequently choose ‘Phishing’ as their report category after experiencing a phishing attack.


Contacting the Impersonated Entity


It’s essential to reach out directly to the genuine entity that a phishing attempt is mimicking.


When reporting an instance of phishing, make sure you use contact information sourced from trustworthy places like the company’s official website rather than any details provided in the suspicious email itself.


Should there be a risk of banking fraud or credit card issues arising from a phishing attack, it is imperative to alert the relevant financial institutions without delay.


Prompt notification enables them to rapidly secure your accounts and conduct necessary inquiries into the occurrence.


Notifying Legal Authorities


It’s crucial to involve law enforcement officials in the pursuit and prosecution of phishing culprits.


You can inform the Federal Trade Commission about a phishing attempt by using their online complaint form at FTC.gov/Complaint.


The Anti-Phishing Working Group—a collective that works with security vendors as well as law enforcement agencies—advocates for individuals to send any received phishing attempts directly to reportphishing@apwg.org.



Should you fall victim to a phishing attack leading to financial loss or identity theft, it is imperative that you alert your local law enforcement authorities regarding the incident.


In instances where personal information may have been compromised due to a scammer’s actions, IdentityTheft.gov provides detailed guidelines on how one should proceed to recover from such an event.


Protecting Your Accounts Post-Phishing Attempt


Escaping a phishing attempt without any damage certainly provides peace of mind.


The process doesn’t stop at that point. It’s crucial to implement safeguards for your accounts to deter subsequent attacks.


We will explore strategies for enhancing your security protocols and notifying those within your network about the recent phishing attempt.


Update Security Measures


After a phishing attempt, it’s crucial to update any passwords that might have been compromised.


Implementing security measures such as a virtual private network (VPN) for remote users can help block unauthorized access attempts and alert IT departments to potential threats.



Keeping your antivirus software current is another vital step in defending against new security threats that may emerge from phishing attempts.


Using multi-factor authentication on accounts significantly enhances security by relying on more than just a password for account access.


These measures act as a formidable shield against future phishing attacks.


Alert Your Network

Once you’ve fortified your accounts, it’s essential to alert your network.


Notify friends, family members, and colleagues about the attempted phishing because they might be the next victims.


This will not only help safeguard them, but also foster a community of individuals who are aware and can work together to fend off phishing attacks.


Preventative Strategies Against Phishing


In addressing phishing, it is far better to prevent than to seek a remedy after the fact.


To avoid these scams from the outset, we should consider adopting strategies such as utilizing spam filters, maintaining frequent updates of systems, and investing in education for employees.


Implement Spam Filters and Security Protocols


Spam filters are your first line of defense against dangerous emails.


They block these emails using a variety of methods, like content filters that analyze text and blacklist filters that block known spammers.


Regularly updating these filters is essential to counteract spammers who constantly change their tactics.


To further enhance your protection, it’s important to report spam when you encounter it.


Security protocols, like Spoof Intelligence in Microsoft Outlook, flag unverified senders and defend users from falling prey to phishing through malicious links and attachments.


Implementing such measures can significantly minimize the risk of phishing attacks.


Regularly Update Systems


Regular system updates are crucial as they not only enhance the performance and efficiency of your systems, but also incorporate fixes for security loopholes which phishers might take advantage of.


These updates serve to shield against various security dangers.


By activating automatic updates, you guarantee that your devices and software acquire the most current safeguards promptly, eliminating the necessity for manual updating.


This continuous upgrade process provides constant defense against attempts at phishing.


Educate Yourself and Others


Education serves as a potent defense against phishing attacks.


Organizations report that 85% of unintentional data breaches happen when employees unwittingly divulge sensitive information to phishers.


Consistent training enables staff members to identify and elude the traps set by fraudulent messages and solicitations.



Phishing awareness is equally critical in educational spheres, with 60% of these institutions having faced phishing attacks during the year 2020.


If we educate every participant within this community, it’s possible to establish an environment free from phishing threats, thereby safeguarding delicate information.


Navigating Phishing Scams on Social Media


Phishing attempts are prevalent, even on social media networks.


Scammers craft messages that appear to come from reputable companies, using official logos and compelling stories to lure individuals into clicking on dangerous links or attachments.


To safeguard oneself against these fraudulent activities, it is vital to verify the legitimacy of any message received through social media by reaching out directly to the company via their legitimate contact points.


Services such as Instagram offer mechanisms for users to flag suspect direct messages.


This includes those text message schemes that have all the hallmarks of phishing endeavours.


When you report these kinds of scams, you assist in enabling these platforms to take immediate measures against scammers and help shield fellow members from becoming victims of similar deceptive tactics.




Phishing scams are a pervasive threat in our increasingly digital world.


However, by learning to spot such scams, implementing robust security measures, and reporting suspicious activities, we can effectively fend off these cyber threats.


Let’s continue to stay vigilant, educate ourselves and others, and make the internet a safer place for everyone.


Frequently Asked Questions


Where do I report phishing emails?


You should forward phishing emails to reportphishing@apwg.org to report them, and also notify the company or person that is being impersonated about the phishing attempt.


This will help in combating phishing activities.



Is it worth reporting phishing emails?


Yes, it’s worth reporting phishing emails because it reduces the amount of scam communications you receive and helps protect others from cybercrime.


What are the most common targets of phishing attacks?


The most common targets of phishing attacks are financial institutions, ecommerce, IT companies, social media, and delivery services, because they handle valuable financial and sensitive data.


How can I identify a phishing email?


Be vigilant for telltale signs of a phishing email, such as:

  • questionable sender addresses,
  • pressurizing language that demands immediate action, and
  • solicitation of confidential information.

Always double-check links before engaging with them.

Exercise caution and prioritize your digital security.


What should I do after a phishing attempt?


After a phishing attempt, it’s important to update your passwords, enhance security measures, monitor accounts for unusual activity, and alert your network.