Skip to main content



Phishing is a cyber-attack which tries to trick you into giving away personal, business, or other valuable information. It’s the most frequent form of cyber-attack at the University of Exeter, so it’s essential to know how to spot and report phishing attacks.

Report phishing

If you notice a suspicious email, you should report it using the report feature built into Outlook.

  1. Select the message > Report Message (in the toolbar or ribbon at the top) > Phishing

You can use Outlook on the web to report emails even if you don’t normally use the Outlook app.

  1. Right-click on the message > Report > Report phishing

An illustration of an open mail envelope with a document at the top

What is a phishing attack? 

  • Phishing attacks are often email messages which are designed to look genuine. It's easy for attackers to forge the “sender address” or use similar links, so they can be very convincing. 
  • QR codes are also a popular tool for phishing attacks. When you scan the QR code, you’re redirected to an imposter website. 
  • Attacks are often trying to obtain bank details, usernames and passwords, business or research data, or other important information. They can use these details to commit crimes such as stealing money, identity fraud, or carrying out more advanced cyberattacks. 

Protect yourself against phishing 

There are simple steps you can take to protect yourself, other people, and the organisation from phishing attacks. 

If an email is suspicious, it’s useful to remember “EMAIL”: 

  1. Expected 
    Phishing emails often use urgent or attention-grabbing messages. Did you expect to receive it? 

  1. Message 
    Look for poor spelling and grammar. Is the message asking you to do something unusual? 

  1. Attachments 
    Some phishing attacks hide a QR code inside a text document. Are any suspicious files attached? 

  1. Identity 
    If an email comes from outside the organisation, Outlook will show a mail tip to let you know. Do you recognise the sender address? 

  1. Links 
    You can hover over links to see where they lead without clicking on them. Are there links to suspicious or unknown websites?