Phishing

Phishing is a cyber-attack which tries to trick you into giving away personal, business, or other valuable information. It’s the most frequent form of cyber-attack at the University of Exeter, so it’s essential to know how to spot and report phishing attacks.

What is a phishing attack?

  • Phishing attacks are often email messages which are designed to look genuine. It's easy for attackers to forge the “sender address” or use similar links, so they can be very convincing. 
  • QR codes are also a popular tool for phishing attacks. When you scan the QR code, you’re redirected to an imposter website. 
  • Attacks are often trying to obtain bank details, usernames and passwords, business or research data, or other important information. They can use these details to commit crimes such as stealing money, identity fraud, or carrying out more advanced cyberattacks. 

Reporting Phishing

Outlook (legacy)

Ensure the message is selected in Outlook, then from the toolbar choose Report Message as shown:

Screenshot showing the Outlook toolbar with the Report Message option clicked

Select either Junk or Phishing as appropriate; you will see the following message, highlighted in red below, display for a few seconds at the top of the email.

Screenshot showing Outlook processing an email as a result of being reported as phishing

 

The email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.

Outlook (new or browser)

If you are using the most recent version of Outlook (or Outlook in a web browser), please follow the below steps to report a Phishing email.

Ensure the email is selected and choose Report from the ribbon as shown below.

Screenshot showing how to report phishing from the browser version of Outlook

 

The following message will display.

 Screenshot showing the message displayed when a user reports an email as phishing via a browser

​​​​​​Click Report, and then OK on the subsequent message; the email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.

Outlook on Android

If you are using Outlook on your Android device please use the following steps.

 

Select the message and tap on the ellipsis (⋮) at the top of the screen.

Screenshot showing the first step of reporting a phishing email on a smartphone

 

Choose Report junk from the dropdown menu.

Screenshot showing the second step of reporting a phishing email on a smartphone

 

Choose either Junk or Phishing as appropriate.

Screenshot showing the third step of reporting a phishing email on a smartphone

 

The email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.

Outlook on iOS

If you are using Outlook on your iOS device please use the following steps.

 

Select the message, tap on the ellipsis (...) at the top of the screen and choose Report Junk from the dropdown menu.

Screenshot showing the first step to report a phishing email on Outlook for iOS

Choose either Junk or Phishing as appropriate.

Screenshot showing the second step to report a phishing email on Outlook for iOS

 

C‌onfirm by tapping on Report.

Screenshot showing the third step to report a phishing email on Outlook for iOS

 

The email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.

 

If an email is suspicious, it’s useful to remember “EMAIL”:

  1. Expected 
    Phishing emails often use urgent or attention-grabbing messages. Did you expect to receive it? 

  1. Message 
    Look for poor spelling and grammar. Is the message asking you to do something unusual? 

  1. Attachments 
    Some phishing attacks hide a QR code inside a text document. Are any suspicious files attached? 

  1. Identity 
    If an email comes from outside the organisation, Outlook will show a mail tip to let you know. Do you recognise the sender address? 

  1. Links 
    You can hover over links to see where they lead without clicking on them. Are there links to suspicious or unknown websites?