Reporting Spam and Phishing

The PhishMe Reporter is an add-on to Microsoft Outlook 2016 or later, Outlook Web Access (OWA), and the Outlook mobile client. It is the standard and preferred method to report spam and phishing email messages and should be used whenever possible. It will report the suspicious message to the SF State Information Security Team with all of the necessary information, and delete it from the user's Inbox at the same time.

Who can use PhishMe Reporter?

This add-on is enabled for faculty and staff.

How to Report Spam and Phishing

When you have access to multiple email accounts

Add-ons such as the PhishMe Reporter are intended to be used with the primary email account in Outlook. Here are several workarounds:

  1. In Outlook, drag the offending message to the primary mailbox, and use the PhishMe button.
  2. In Outlook Web Access (OWA), "switch" into the shared mailbox account and then use the PhishMe button.
  3. Create a separate Outlook profile for the shared mailbox and log in to it using the delegated person's credentials.

Using Outlook

  1. Open or preview the message
  2. Select the Report Phishing button at the top of the Outlook window. Note: If you do not see a Report Phishing link, it may be because your Outlook is missing some Microsoft updates which add a Report Phishing link in the same way as Outlook Web Access. If this is the case, either follow the OWA instructions or update your Outlook application (Help > Check for Updates).
    Outlook Mac 2016 Report Phishing icon
  3. Check that the correct message is being reported and select OK.
    Click OK to report this email to our Information Security Team.
  4. If the message was a part of the PhishMe training exercise you will receive the feedback shown below that states “Good job! This email was part of our immersive phishing awareness education. Thank you for staying vigilant!” Otherwise, your message will be forwarded (with full headers) to the ITS Security Team and to the Microsoft Online Protection team.
    Message that is received if the email was in fact phishing.

Using Outlook Web Access (OWA)

  1. Open or preview the message
  2. If you are using the older version of OWA, select the Report Phishing icon as seen below:
    Old version of OWA Report Phishing icon
    If you are using "The new Outlook", see below:
  3. Select the 3 dots to see the "More actions" menu choices
    New OWA 3 dots for more action
  4. Select the Report Phishing icon as shown below:
    New Outlook Report Phishing icon in long menu
  5. Check that the correct message is being reported and select OK.
    Click OK to report this email to our Information Security Team.
  6. If the message was a part of the PhishMe training exercise, you will receive the feedback shown below that reads, “Good job! This email was part of our immersive phishing awareness education. Thank you for staying vigilant!” Otherwise, your message will be forwarded (with full headers) to the ITS Security Team and to the Microsoft Online Protection team.
    Message received if the email was in fact phishing.

Using Outlook for iOS and Android

Outlook for iOS

Report Phishing in Outlook for iOS

Outlook for Android

Report Phishing in Outlook for Android

Using non-standard applications

The following information details how to correctly report spam and phishing email sent to SF State email addresses.

Phishing Email from Internal, Compromised SF State Accounts

If a phishing/spam message originates from an internal, compromised SF State account, SF State should be notified. Compromised SF State accounts can only be resolved by SF State. Microsoft spam filtering does not scan messages sent from one SF State Exchange account to another. Please report compromised SF State accounts to the ITS Service Desk so we can stop the phishing message distribution as quickly as possible. To report compromised SF State accounts, forward a copy of the message with full headers to service@sfsu.edu.

Some messages are really spoofed messages: they look like they are from an internal account, but are actually sent using an external server. This can be identified from the message header. Spoofed messages should be reported to Microsoft. The ITS Service Desk can assist in identifying the spoofed messages.
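The header check described above, as an added example (not part of the original page and not an SF State tool): a heuristic that separates a spoofed "internal" sender from a genuinely internal one using only the verdicts your own receiving server recorded. The receiver name `mx.receiver.test`, the sample message and the result labels are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "sfsu.edu"           # domain named on the page
TRUSTED_RECEIVER = "mx.receiver.test"  # assumption: authserv-id of your own inbound server

# Constructed sample: internal-looking From, external connecting host, failing SPF/DMARC.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
 by mx.receiver.test with ESMTP; Mon, 01 Jan 2024 10:00:00 -0800
Authentication-Results: mx.receiver.test;
 spf=fail smtp.mailfrom=sfsu.edu; dkim=none; dmarc=fail header.from=sfsu.edu
From: "IT Help Desk" <helpdesk@sfsu.edu>
Subject: Password expires today

Click the link to keep your account.
"""

def trusted_verdicts(msg, receiver):
    """Collect spf/dkim/dmarc results, only from headers our own receiver added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.strip().lower() != receiver:
            continue  # a sender can pre-insert forged results; ignore them
        for part in rest.split(";"):
            method, _, value = part.strip().partition("=")
            if value:
                verdicts.setdefault(method.lower(), value.split()[0].lower())
    return verdicts

def connecting_host(msg):
    """Host that handed the message to us, per the topmost Received header."""
    match = re.match(r"from\s+(\S+)", str(msg.get("Received", "")))
    return match.group(1).lower() if match else None

def triage(raw, receiver=TRUSTED_RECEIVER):
    msg = message_from_string(raw, policy=policy.default)
    host = connecting_host(msg)
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN and not domain.endswith("." + INTERNAL_DOMAIN):
        return "external", host
    v = trusted_verdicts(msg, receiver)
    if not v:
        return "unverified", host  # no trusted verdict: read the Received hops by hand
    spoofed = v.get("dmarc") == "fail" or (
        v.get("spf") in ("fail", "softfail") and v.get("dkim") != "pass")
    return ("likely-spoofed" if spoofed else "likely-internal"), host
```

A `likely-internal` result points to the compromised-account path (ITS Service Desk), while `likely-spoofed` points to the Microsoft reporting path; `unverified` means the headers need a manual look.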

Phishing Email from External Accounts

If the phishing/spam message originates from an external address/server, forward a copy of the message with full headers to abuse@sfsu.edu and abuse@messaging.microsoft.com. This will inform Microsoft, who can add it to the block list.

Forwarding with Headers/As an Attachment

Use the following instructions to report spam/phishing to the correct address:

  1. Thunderbird
    1. Open the email message you want to report  
    2. Select Message > Forward As > Attachment 
    3. Address the message to the correct recipient: service@sfsu.edu, or abuse@sfsu.edu and abuse@messaging.microsoft.com
    4. Click Send
  2. Mac (Apple) Mail
    1. Open the email message you want to report 
    2. Select View > Show all headers
    3. Click Forward
    4. Address the message to the correct recipient: service@sfsu.edu, or abuse@sfsu.edu and abuse@messaging.microsoft.com
    5. Click Send
  3. Gmail
    1. Open the email message you want to report 
    2. Select Show original from the More Options pull down
    3. Copy the text from the new window
    4. Paste the text into a new message
    5. Address the message to the correct recipient: service@sfsu.edu, or abuse@sfsu.edu and abuse@messaging.microsoft.com
    6. Click Send

Information Security Awareness Program

The Information Security team has introduced an ongoing Information Security Awareness program for faculty and staff. This program is designed to help employees protect their sensitive information and that belonging to others. The program combines monthly advisory messages with phishing training exercises. For more information please see: Information Security Awareness program for faculty and staff.