Report suspicious emails received in your McGill Inbox


OVERVIEW

Target audience: entire McGill community

It is important to report suspicious emails received in your McGill Inbox so that our email administrators can determine if there is a real threat to the McGill community, take actions to reduce the risks, such as deleting the message from our email servers and blocking malicious web addresses.

In this article:

warning

IMPORTANT:

Please contact the IT Service Desk immediately by calling 514-398-3398 if you have interacted with a suspicious email received in your McGill Inbox in any of the following ways:

  • Entered or provided your McGill credentials after clicking a link, scanning a QR code, or replying to the sender by call, SMS or other form of direct message.
  • Downloaded or opened a file.

If you cannot call the IT Service Desk immediately, change your McGill Password right away and then check to see that no new 2FA methods have been registered for you.

See What is my McGill Username and how do I change my McGill Password? and Two-factor authentication (2FA) and Self-Service Password Reset (SSPR) articles for instructions.

What to do when you spot a suspicious email

You can quickly report a suspicious email by using the Report Junk or Report Phishing buttons in any Outlook app.

If you don’t have Outlook installed on your device, you can always report suspicious messages from Outlook on the web.

When you report an email, it will be removed from your Inbox and immediately flagged for our email administrators, so they can review it and quickly take action to protect our community. 

Note: If the email is already in your Junk Email folder, you do not need to report it. 

info

Did you know:

We post "Phishing scam" announcements on the IT Services website when there are phishing scams targeting a sizable portion of the McGill community?

 

Report a suspicious email in Outlook 

While viewing a message in Outlook, you can choose to report it as Junk, Phishing or Not Junk. You can also select and report multiple messages at once!

Depending on the version of Outlook you use, the report buttons may be in a slightly different location, but the experience will be the same.

Windows or macOS

 

iOS or Android 

Outlook for iOS version 4.2511 or later and Outlook for Android version 4.2446 or later.

Depending on the version of your Outlook app, the report buttons may be in a slightly different location or order, but the experience will be the same.  

  1. Open the message and tap the three dots (...) in upper right corner.
  2. Tap Report Phishing or Report Junk.

                

Customize the placement of the Report button in Outlook

If you find yourself accidentally clicking on the Report Phishing button, or would like to change where it appears in the ribbon or context menus, Outlook lets you change the location, courtesy of the “Customize the Ribbon” menus.

Recover emails you accidentally reported

When you use the Report Junk button, emails are moved to your Junk Email folder. 

When you use the Report Phishing button, emails are deleted.

In both cases, there can be a slight delay before the email is moved. If you accidentally report a legitimate email and need to restore it, the articles listed below provide instructions:

If you cannot restore the email, we recommend asking the sender to resend it, after first checking to confirm that you haven’t blocked the sender in Outlook.

Report phishing through text message (SMS), Teams message, phone call, or other non-email methods

While the majority of phishing attacks happen through email, attackers use other techniques to entrap victims. If you experience phishing through the methods listed below, please report it to the IT Service Desk through this form, providing as much information as you can, including time, date, and screenshots if available.

references

ADDITIONAL REFERENCES: