Reporting Suspicious or Malicious Email


Reporting email as suspicious or malicious

I believe an email may be phishing

Is this email a scam?


  • Outlook 365
  • Outlook Mobile for IOS
  • Outlook Mobile for Android


Click the Phish Alert Button (PAB) if you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded to our IT Security team for analysis. If deemed safe, the email will be returned to your inbox.


  1. If the email is in your Junk folder, you do not need to report it
  2. Click the suspicious email 
  3. Click Phish Alert    
    1. In Outlook, the Phish Alert Button will appear in the top banner 
      Note: If you need help finding PAB button in Outlook
    2. In Microsoft 365, the Phish Alert Button will appear in the drop-down menu on an open email, as shown below. 
      Note: If you need help finding the PAB button in Outlook Mobile
      • ​​​​​​​PAB Outlook
      • PAB Android
      • PAB iOS
  4. Click Report Phish
  5. If Phish Alert does not work, restart the computer

Note: When viewing an email in Outlook Mobile, you will need to click on the second More Options menu   or   and then select Phish Alert.  This will be located next to the sender's name and the subject of the message

Note: When viewing an email in, you will need to click on the More Actions menu    in the top right corner of the message and then select Phish Alert V2.  This will be located next to the Reply All  and Forward buttons.

Note:  Reporting Phishing from Shared Department Account
Note:  Sanford employees with a mail forward do not have the phish alert button


  1. Follow the steps in the Article Processing Malicious Emails Reported by Customers
  2. When a phishing email from our Phishing Campaign is reported from a Sanford employee with a mail forward, see article SSOM Successful Phishing Campaign
  3. Vendor reported a compromised credential Verifying reported credentials



100% helpful - 16 reviews


Article ID: 71
Mon 6/11/18 10:15 AM
Wed 10/18/23 9:43 AM
KCS Article Status
WIP: Only Problem & some Environment captured
Not Validated: Complete & Resolution captured, confidence lacks in structure, content, no feedback
Validated: Complete & reusable, used by licensed KCS user, confidence in resolution & std. compliance

Related Articles (4)

How to locate the phish alert button
How-to guide for using the phish alert button from a shared mailbox
USD ITS receives emails from regarding compromised credentials
If you notice suspicious activity on your account or have reason to believe your USD Account or USD email has been hacked/compromised, seek help immediately.

Related Services / Offerings (1)

This tool is intended to cut down the number of scam email messages that many University students, faculty, and staff receive every week.