We’ve all seen it before: an email claiming to be from the boss, asking for immediate help; or an unexpected invitation to access a file, apparently from a colleague. The message looks innocuous enough, but something seem a bit “off” about it. Why is my boss sending me a message from gmail? Why are there spelling or grammar mistakes? Why does the link show a strange website name when I hover over it with my cursor? At this point, you’re pretty suspicious that this message is “phishing” – an attempt to trick you into doing something you otherwise wouldn’t, like giving someone your password, or buying gift cards for them. But what do you do about it? You can delete or ignore the message, but you feel like you should probably let someone know in case others have received similar messages.

A new tool in the fight against phishing

Microsoft has released new functionality that is available in every version of Outlook. The new Report Message feature allows you to notify ITS and Microsoft about a potential phishing message. If the message is verified as phishing, any copies of the message with be automatically removed from all UNC mailboxes. The way to access this feature varies by platform, but full information is available in the EdIT Knowledge Base article on this subject.

Until now, reporting phishing to ITS required you to forward the message as an attachment – something that most of us never need to do otherwise, and that can’t be done from the web or iPhone/Android versions of Outlook. Furthermore, this only allowed ITS to block new messages; existing phishing messages remained in inboxes unless they were deleted manually.

Phishing is one of the most common methods that malicious actors employ to steal login information for business systems. A single compromise of credentials can cost tens of thousands of dollars to mitigate, and can expose sensitive information of students, employees, or research participants. The Report Message feature is easy to use, and will significantly impede the success of phishing efforts by malicious actors. When you get a message you suspect is phishing, please report it immediately.