Do You Know How to Report a Suspicious Email?

November 17th, 2022
Do You Know How to Report a Suspicious Email?


Should you call the help desk, or forward it?
Should you forward to IT including all headers?
Delete and not report it, forfeiting a possible early warning?

If you have ITS Security Awareness Training, you should have a Phish Alert button in your Outlook that provides a safe way to forward email threats to the security team for analysis and deletes the email from your inbox to prevent future exposure. All with just one click!

Employees Report Phishing Emails With One Click

  • Reinforces your organization’s security culture, users can report suspicious emails with one click.
  • When the user clicks the Phish Alert button on a non-simulated phishing email, the email will be directly forwarded to your Incident Response team.

Phish Alert Benefits

  • When the user clicks the Phish Alert button on a simulated Phishing Security Test, this user’s correct action is reported.
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”.

Phish Alert Button Messages After Reporting Suspicious Emails


Email is deleted from the user's inbox to prevent future exposure

Further Enhance Your Management of Social Engineering Threats

  • Continue to push down your user’s Phish-prone percentage.
  • Reporting of both simulated and real phishing emails involves users even more.
  • Your Incident Response Team can act faster on possible real phishing attacks.

If you receive a phishing email

  • Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization's website from your own saved favorite, or via a web search. Or call the organization using a phone number listed on the back of a membership card, printed on a bill or statement, or that you find on the organization's official website.
  • If the suspicious message appears to come from a person you know, contact that person via some other means such as text message or phone call to confirm it.
  • Report the message.
  • Delete it.