Home → Office 365 → Microsoft Outlook 2016, 2019 & Microsoft 365 → Instructions for Handling Phishing Emails in Outlook on Windows

5.13. Instructions for Handling Phishing Emails in Outlook on Windows

If you have received phishing emails, it is important to handle them properly to protect your personal information and prevent further attacks. Here are the steps you can follow to report these emails and ensure your Outlook application remains secure.

1. Identifying Phishing Emails

Phishing emails often have the following characteristics:

- Unsolicited requests for personal information.

- Poor grammar and spelling mistakes.

- Suspicious links or attachments.

- Urgent or threatening language.

- Email addresses that do not match the sender’s name or organization.

2. Do Not Interact with Suspicious Emails

- Do not click on any links or download attachments from suspicious emails.

- Do not reply to the email or provide any personal information.

3. Reporting Phishing Emails to Microsoft

You can report phishing emails directly from Outlook. Here’s how:

Method 1: Using the Report Message Add-in

1. Enable the Report Message Add-in:

   - Open Outlook and go to the "Home" tab.

   - Select "Get Add-ins" from the toolbar.

   - Search for "Report Message" and add it.

2. Report the Email:

   - Open the suspicious email but do not click any links or download attachments.

   - In the Home tab, click on "Report Message" and select "Phishing".

   - Follow the prompts to submit the email to Microsoft for analysis.

Method 2: Manually Reporting Phishing Emails

1. Forward the Email to Microsoft:

   - Create a new email.

   - Attach the phishing email to this new email (do not forward the original email directly as this can remove important information).

     - To do this, drag the suspicious email from your inbox into the new email as an attachment.

   - Send the email to phish@office365.microsoft.com.

2. Mark the Email as Junk:

   - Right-click the suspicious email.

   - Select "Mark as junk" and then "Report". This action will also help improve Microsoft’s spam filters.

4. Delete the Phishing Email

After reporting, delete the email from your inbox and then delete it from your Deleted Items folder to ensure it is completely removed.

5. Additional Security Measures

- Update Your Passwords: If you suspect that your account has been compromised, change your passwords immediately. Ensure that your new passwords are strong and unique.

- Enable Multi-Factor Authentication (MFA): Adding an extra layer of security to your accounts can prevent unauthorized access.

- Run a Security Scan: Use your antivirus software to run a full scan of your system to ensure that no malware has been installed.

6. Stay Informed

- Microsoft Security Tips: Regularly review Microsoft’s [security tips](https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx) to stay updated on the latest phishing tactics.

By following these steps, you can help protect your information and contribute to the wider effort to combat phishing.