The PhishMe Reporter is an add-on to Microsoft Outlook 2016 or later, Outlook Web Access (OWA), and the Outlook mobile client. It is the standard and preferred method to report spam and phishing email messages and should be used whenever possible. It will report the suspicious message to the SF State Information Security Team with all of the necessary information, and delete it from the user's Inbox at the same time.
Who can use PhishMe Reporter?
This add-on is enabled for faculty and staff.
How to Report Spam and Phishing
When you have access to multiple email accounts
Add-ons such as the PhishMe Reporter are intended to be used with the primary email account in Outlook. Here are several workarounds:
- In Outlook, drag the offending message to the primary mailbox, and use the PhishMe button.
- In Outlook Web Access (OWA), "switch" into the shared mailbox account and then use the PhishMe button.
- Create a separate Outlook profile for the shared mailbox and log in to it using the delegated person credentials.
Using Outlook
- Open or preview the message
- Select the Report Phishing button at the top of the Outlook window. Note: If you do not see a Report Phishing link it may be because your Outlook is missing some Microsoft updates which add a Report Phishing link in the same way as Outlook Web Access. If this is the case either follow the OWA instructions or update your Outlook application (Help > Check for Updates).
- Check the correct message is being reported and select OK.
- If the message was a part of the PhishMe training exercise you will receive the feedback shown below that states “Good job! This email was part of our immersive phishing awareness education. Thank you for staying vigilant!” Otherwise, your message will be forwarded (with full headers) to the ITS Security Team and to the Microsoft Online Protection team.
Using Outlook Web Access (OWA)
- Open or preview the message
- If you are using the older version of OWA, select the Report Phishing icon as seen below:
If you are using "The new Outlook", see below: - Select the 3 dots to see the "More actions" menu choices
- Select the Report Phishing icon as shown below:
- Check that the correct message is being reported and select OK.
- If the message was a part of the PhishMe training exercise, you will receive the feedback shown below that reads, “Good job! This email was part of our immersive phishing awareness education. Thank you for staying vigilant!” Otherwise, your message will be forwarded (with full headers) to the ITS Security Team and to the Microsoft Online Protection team.
Using Outlook for iOS and Android
Outlook for iOS
Outlook for Android
Using non-standard applications
The following information details how to correctly report spam and phishing email sent to SF State email addresses.
Phishing Email from Internal, Compromised SF State Accounts
If a phishing/spam message originates from an internal, compromised SF State account, SF State should be notified. Compromised SF State accounts can only be resolved by SF State. Microsoft spam filtering does not scan messages sent from one SF State Exchange account to another. Please report compromised SF State accounts to the ITS Service Desk so we can stop the phishing message distribution as quickly as possible. To report compromised SF State accounts, forward a copy of the message with full headers to service@sfsu.edu.
Some messages are really spoofed messages: they look like they are from an internal account, but are actually sent using an external server. This can be identified from the message header. Spoofed messages should be reported to Microsoft. The ITS Service Desk can assist in identifying the spoofed messages.
Phishing Email from External Accounts
If the phishing/spam message originates from an external address/server, forward a copy of the message with full headers to abuse@sfsu.edu and abuse@messaging.microsoft.com. This will inform Microsoft, who can add it to the block list.
Forwarding with Headers/As an Attachment
Use the following instructions to report spam/phishing to the correct address:
- Thunderbird
- Open the email message you want to report
- Select Message > Forward As > Attachment
- Address the message to the correct recipient: service@sfsu.edu or abuse@sfsu.edu; abuse@messaging.microsoft.com
- Click Send
- Mac (Apple) Mail
- Open the email message you want to report
- Select View > Show all headers
- Click Forward
- Address the message to the correct recipient: service@sfsu.edu or abuse@sfsu.edu; abuse@messaging.microsoft.com
- Click Send
- Gmail
- Open the email message you want to report
- Select Show original from the More Options pull down
- Copy the text from the new window
- Paste the text into a new message
- Address the message to the correct recipient: service@sfsu.edu or abuse@sfsu.edu; abuse@messaging.microsoft.com
- Click Send
Information Security Awareness Program
The Information Security team has introduced an ongoing Information Security Awareness program for faculty and staff. This program is designed to help employees protect their sensitive information and that belonging to others. The program combines monthly advisory messages with phishing training exercises. For more information please see: Information Security Awareness program for faculty and staff.