What is Phishing?
Phishing is a fraudulent e-mail based attack disguised as a legitimate communication. The goal of the attacker is to trick the recipient into responding by clicking on a link, opening an attachment, or directly giving up account credentials, i.e. user name and password.
How do I report a suspected phishing e-mail?
Select the suspected phish and click on the Report Phishing button in the Outlook ribbon toolbar.
What happens when I report a suspected phishing e-mail using the Phishing Reporter tool in Outlook?
Once the user reports the suspected phishing e-mail, the e-mail is forwarded to IT Security and deleted from the user’s inbox.
- the e-mail is forwarded to IT Security and deleted from the user’s Inbox (a copy is placed in the user’s Deleted folder)
- The PhishMe Reporter dialog box opens with the following message:
Click “OK” to report this e-mail to IT Security and remove the message from your Inbox. This button is for reporting only. If you have questions about the message or have interacted with it (i.e. clicked on links, opened attachments, responded to the sender, etc.) please contact the Service Desk for further assistance. Thank you.
- IT Security will analyze the e-mail
- legitimate e-mails are returned to the user
- malicious e-mails are deleted
Is the Outlook Phishing Reporter tool available for Outlook Web Access (OWA) or the Office 365 portal?
Yes, the Phishing Reporter tool is available for OWA or Office 365 portal, however the Phishing Reporter tool is not available on alternative mail clients on mobile phones. To report a suspected phish from an alternative mail client on a mobile device, forward the suspected e-mail to email@example.com.
Note: It is best to use the Reporter tool because the original e-mail headers are included and needed for analysis by IT Security.
Should I forward suspected phish to the IT Security Desk?
No, please either use the Phishing Reporter tool or forward the suspected phish to firstname.lastname@example.org.
What if I have questions about the e-mail or interacted with the contents of the phish?
Please contact the IT Service Desk. An IT Service Desk ticket will be opened for IT Security to address the issue.
What is the Phish Trap?
The Phish Trap is a repository of actual phishing e-mails received at the College and reported to the Office of Information Technology (OIT) by employees using the Outlook Phishing Reporter tool. Employees should visit the page to check if a phish has already been reported and/or use the site to improve their phishing awareness.
What other phishing and security awareness education resources are available?
Basic safe computing and security awareness E-courses are available in MC Learns. Available topics include:
- Social Engineering
- Spear Phishing Awareness
- Malware links
- Password Security
- Data Protection
- Mobile Devices
- Social Networking
- Physical Security
- Security Outside the Office
- Insider Threat
What is a PhishMe simulated phishing e-mail?
PhishMe is a program OIT will use to randomly send simulated phishing e-mail scenarios to College employees. The purpose is to promote user awareness on how to detect a phishing e-mail.
What do I do if I receive a PhishMe simulated phishing e-mail?
If you receive a simulated phish, don’t fall for the trick. Do what you would do with any suspected phish. Report the e-mail using the Outlook Phishing Reporter tool or email@example.com.
What happens when I report the PhishMe simulated phishing e-mail?
Once the user submits the simulated phishing e-mail, the e-mail is forwarded to IT Security and deleted from the user’s Inbox just like a real phishing e-mail would be handled (a copy is placed in the user’s Deleted folder).
What happens if I don't detect the PhishMe e-mail as a phish and click on the link?
If you click on the link in the simulated phishing e-mail:
- you will receive a 30 – 60 second informational video or graphic
- there is No Penalty for not detecting the phishing e-mail
- The purpose of e-mail is only to educate College employees on how to detect the tricks and dangers of phishing e-mails