Phishing emails are messages that are meant to look legitimate, however are often used to steal your credentials or install malicious software to your device.
We run training on phishing emails twice per year, this article is to advise users on how best to report phishing emails.
There are two ways to report:
- Using the PhishAlert button in Outlook or Webmail
- Forward the email to the IT Helpdesk
For the vast majority of Phishing emails, please use the phish alert button, which looks like this:
Click this, then click the blue button that will appear. This will place the email in a queue for review by IT Staff, and will also advise you if the email was a simulation.
If you believe an email is legitimate, but would like the IT Helpdesk to verify this for you, please forward the email to [email protected] and include a note stating this.
IT Staff can safely check links and attachments in the email, as well as verify the sender address and will report back to you.
Remember these key facts when opening emails:
- Ensure the sender address is correct, dont just look at the name (eg. Laurence Burt <[email protected]> would not be a legitimate email)
- Hover your mouse cursor over any links and check the domain name looks correct before clicking on any. (https://www.microsoft.com/xxxxx is safe, https://www.micr0soft.com/xxxx would not be)
- Do not open attachments unless you are expecting them, or unless you can safely trust the sender after checking the details above.
- If in any doubt, pick up the phone and confirm with the sender that they have sent the email. This is particularly true of invoices, or if senior management asks you to buy gift cards, as these are common attack vectors.