Help identify phishing attacks: Report suspicious emails using Outlook tools

Purdue had 1.5 billion emails sent its way in 2019 and approximately 1.1 billion were deemed threat messages and blocked. 
 
Still, some malicious messages get through Purdue’s email filtering. The faster Purdue security staff can learn of suspicious threats, the faster it can respond to prevent an attack or breach. 
 
Faculty, staff and students can all report questionable emails with a simple click of a button – allowing security staff to combat the onslaught of malicious messages that could allow cybercriminals to access information like bank account numbers, academic and health data, and more. 

See related: Protect your email, help end phishing attacks: Microsoft MFA to be required soon

The desktop and web versions of Outlook for Office 365 allows users to see a message and a button at the top of all emails that will ask if they would like to report the message as phishing. Once a user reports a message, the email and all of its pertinent information will be sent to ITaP security staff for review. 

Mobile users with the Outlook app on their phones can also alert Purdue to phishing threats, by clicking on the three dots under the emails date, scrolling down and clicking on the “Report a Message” button, then selecting “Report as phishing” (see video).  

Purdue asks all users to be vigilant about phishing and spam emails and to report suspicious messages. 
 
Reporting ensures that essential information such as email headers will be included in the report so that ITaP can better protect users from phishing and spam emails. If an email is determined to be a phishing or spam message, the sender’s email address and links included will be blocked to prevent other users from receiving the message or giving up their credentials via a malicious link. 
 
Users can also forward emails as attachments to abuse@purdue.edu like before, but the new button makes the process easier. 

The emails will also be shared with a coalition of Big Ten universities’ information technology security units known as the OmniSOC. Sharing potential phishing and spam email between the organizations brings more security experts to bear on threats and can help prevent malicious messages from ever hitting a user’s inbox when multiple universities are being targeted. 
 
Last updated: November 24, 2021