This site requires JavaScript to be enabled


Phish Email Reporting - Outlook (PhishAlarm)


Image of definition for phishing


When you receive an email that you have properly identified as a phishing or malicious attempt, you can report that email directly from within your Outlook account with both Windows and Mac versions by following these steps:


Outlook Desktop Application (Win/macOS)

1) Click and highlight the suspected email

Image of suspected email


2) In the ribbon of the Outlook application, click on the PhishAlarm button.

Image of PhishAlarm option in the Outlook ribbon

Note! If you do not see this button in your Outlook ribbon, please contact OIT Technical Support at 801-957-5555.


3) A notice will appear indicating that the email was forwarded to Information Security Office.

Image of notice for reporting a phish email

This will remove the email from your Inbox and placed in your Deleted Items folder.


Note 1 - You cannot report Phishing from your Deleted Items folder.  The PhishAlarm option in the ribbon is greyed out.  You will need to move the email back into your Inbox before following these steps.

Note 2 - You can report Phishing from a shared mailbox(es).  However, the reported event will use the Username of the User who clicked on the PhishAlarm option.



Outlook Web Mail (any browser)

Phishing emails can also be reported through Web Mail by these steps.

1) Click on the suspected email you want to report.

Image of phishing email


2) Click on the horizontal Ellipsis (three dots) to the right of the email.

Image of horizontal Ellipsis


3) Towards the bottom of the drop-down menu, click on Report Phish.

Image of the options list where Report Phishing is located.


4) A notice will appear indicating that the email was forwarded to the Information Security Office.

Image of phishing report notification



What happens when you click "Report Phish" Button?

The reported email will automatically send a copy of the email to an analyzer along with a notification tot he Information Security Office.  The email will be evaluated and depending on what the results are determines the next action.

  • A Phish:  Closed-loop Email Analysis and Response (CLEAR) will take action and remove the email from the Users mailbox and all other SLCC inboxes.
  • Not a Phish:  No action will be taken beyond moving the email to the users deleted items.
  • Each reported “Phish” creates an incident in Proofpoint Trap and the action that it executed.  OIT Information Security Office monitors these incidents.




If you have any questions, please contact OIT Technical Support at 801-957-5555


Was this article helpful?
Not rated

Print Article