How to spot and report a phishing email

Phishing emails are designed to trick you into clicking a link, opening an attachment, or sharing information like passwords or payment details. They’re getting harder to spot, but there are common signs to look out for.

What to look for

Most phishing emails share some common characteristics:

• Unexpected urgency, such as threats to close your account or demands for immediate action
• A sender address that doesn’t quite match the organisation it claims to be from
• Generic greetings like "Dear customer" instead of your name
• Links that don’t go where they claim to. Hover over a link (without clicking) to see the actual URL
• Requests for passwords, payment details, or other sensitive information
• Attachments you weren’t expecting, especially .zip, .exe, or Office files asking you to enable macros
• Poor spelling or grammar, though this is less reliable than it used to be

If something feels off about an email, trust your instinct. It’s always better to check than to click.

How to report a phishing email

If you receive a suspicious email in Outlook, use the built-in Report button to flag it:

Outlook on the web

1. Select the suspicious email.
2. Click the three dots (more actions) or right-click the message.
3. Select Report > Report phishing.

Outlook on Windows and Mac

1. Select the suspicious email.
2. In the ribbon, click Report Message (or the shield icon).
3. Select Phishing.

Outlook on iOS and Android

1. Open the suspicious email.
2. Tap the three dots (top right).
3. Select Report Junk > Phishing.

Reporting the email moves it to your junk folder and helps Microsoft improve their filtering for everyone.

Not sure if it’s phishing?

If you’re unsure whether an email is legitimate and don’t want to take any chances, don’t click anything in it. Raise a support ticket and we’ll take a look. Include the sender’s email address and a screenshot of the email. Don’t forward the original email itself.

Already clicked a link or opened an attachment?

Raise a support ticket immediately. Don’t wait. Let us know what you clicked, what you entered (if anything), and when it happened. The faster we know, the more we can do to protect your account.