POV: You’ve just received a mysterious email from someone claiming to be from your company’s HR department. You’ve never heard of this person before, despite knowing a majority of the people in your company personally. That’s a little strange. But, the weirder part is that they’re asking for personal information from you that you’re certain the company already has on file. Something seems pretty phishy here.

These days, cybercriminals are casting a wide net with their phishing attempts in order to maximize their returns. Whether you’re in finance, HR, or working on the production line, if you have an email inbox, you’re likely going to come across some suspicious emails. So, what happens when you do?

Step 1: Determine whether the email is legitimate

First and foremost, without clicking any links or downloading any attachments, scan the email to determine whether it’s legitimate. (You can read more of our tips for how to spot a phishing hook here!) Follow-up documents from your boss that you’re expecting? Probably cool. Links from someone in your HR department that you’ve never heard of, asking for you to fill out your personal information? Probably not cool.

Step 2: Report the email to Microsoft

Once you’ve made your assessment and determined that the message is, indeed, suspicious, you’ll want to report it to Microsoft to prevent future messages from hitting your inbox. To do so, select the message that you’d like to report, then follow the appropriate steps below to report the message:

In the Outlook client:

Once the operative message is selected, go to ‘Home’ > ‘Report Message’, located in the top right corner of the ‘home’ menu > In the dropdown, select ‘Phishing’ > When the reporting window pops up, click ‘Report’ as the final step.

In the web version of Outlook:

Once the operative message is selected, select ‘Junk’ from the menu below the search bar > select ‘Phishing’ from the menu, pictured below.

After you select ‘Phishing’ > Click ‘Report’ in the window that pops up. Then, you’re all set!


With cybercrime on the rise and attackers getting wiser by the day, phishing attempts are only getting increasingly more prevalent. While reporting these emails when you see them won’t stop all cybercrime, with a few quick and easy steps, you can protect yourself from further contact from the sender. And, you can feel good knowing that with your help, there’s one less bad actor lurking in the dark shadows of your inbox.