- Report suspicious emails to the IT Service Desk

ATTENTION:

If you have already clicked a link in a suspicious email, please report it to the IT Service Desk immediately by calling 514-398-3398.

OVERVIEW

Target audience: entire McGill community

It is important to report suspicious emails to IT Services so that they can determine if there is a real threat to the McGill community, take actions to reduce the risks, such as deleting the message from our email servers and blocking malicious web addresses.

In this article:

What to do when you spot a suspicious email
Report a suspicious email in Outlook:
- Windows or macOS
- Outlook on the web
- Android or iOS
Report a suspicious email by forwarding it as an attachment:
- Outlook on Windows
- Outlook on macOS

What to do when you spot a suspicious email

You can quickly report a suspicious email by using the Report Message, Report Junk, or Report Phishing buttons in any Outlook app, including Outlook on the web (https://outlook.com/mcgill.ca).

Depending on the version of Outlook, the report buttons may look slightly different, but the experience will be the same. When you report an email as Junk or Phishing, it will be removed from your Inbox and immediately flagged for our email administrators, so they can act against suspicious emails even faster!

Note: If the email is already in your Junk Email folder, you do not need to report it.

Did you know we post "Phishing scam" announcements on the IT Services site when there are phishing scams targeting a sizable portion of the McGill community?

IMPORTANT:

If you ever click a link in a phishing email and go on to enter your McGill credentials on a suspicious website, change your McGill Password as soon as possible. See the McGill Password Reset Checklist for instructions.

Report a suspicious email in Outlook on Windows or macOS

While viewing a message in Outlook, you can choose to report it as Junk, Phishing or Not Junk.

When you choose Junk, the message is reported, then moved to your Junk Email folder.
When you choose Phishing, the message is reported, then moved to your Deleted Items folder.
If you find a legitimate email in your Junk Email folder, click on Not Junk to move it to your Inbox. This also helps our email filtering system improve.

Depending on the version you use, the report buttons might look slightly different, but the experience will be the same.

Note: At this time, the Report Message buttons in the desktop versions of Outlook will not work for shared, group, or delegated mailboxes. However, you can always report suspicious messages from Outlook on the web (https://outlook.com/mcgill.ca). 

Outlook on the web

You can easily report any suspicious email message by selecting it and clicking on the Report button in the horizontal action ribbon at the top of your Outlook. Please use the Report junk option to report spam and other junk mail that you don’t think is malicious, such as attempts to market goods and services, non-McGill newsletters that you never signed up for, “conference” invitations that are an attempt to acquire leads for business purposes, etc.

If you’re not sure if any email is phishing, or suspect it is, use the Report phishing button.

For extra convenience, you can also add these buttons so they appear in the top right corner of your emails, next to the Reply button.

In Outlook on the Web, click on the cog icon, then click View all Outlook settings.
In the Settings window, click Mail > Customize actions.
Under Customize Actions, select Report junk and Report Phishing then close the window.

iOS or Android

Open the message and tap the three dots in upper right corner (...)
Tap Report Junk
Tap Junk or Phishing

Report a suspicious email by forwarding it as an attachment

If you have Outlook, we recommend that you report a suspicious email by using the Report Junk or Report Phishing buttons. It’s faster for you, and immediately flags the email for our email administrators, so they can act against suspicious emails even faster!

IMPORTANT:

If you don’t have Outlook installed on your device, you can always report suspicious messages from Outlook on the web (https://outlook.com/mcgill.ca). 

Alternatively, you’ll have to forward the suspicious email as an attachment so that our email administrators can inspect parts of the email that provide additional information about the sender and contents. They will take appropriate steps to reduce any potential damage to you and others.

Outlook for Windows

Click on the suspicious email in your Inbox, then select More > Forward as Attachment on the Home tab.
In the To field of the new message, enter the email address phishing@mcgill.ca
Within the body of the email you may ask if it is malicious or safe to open.
Click Send.

Outlook for macOS

Right-click on the suspicious email in your Inbox, then select Forward Special > As Attachment.
In the To field of the new message, enter the email address phishing@mcgill.ca
Within the body of the email you may ask if it is malicious or safe to open.
Click Send.

ADDITIONAL REFERENCES:

Reporting Security Incidents
Phishing scams and how to protect yourself https://mcgill.service-now.com/itportal?id=kb_article&sysparm_article=KB0010915
What to do if you are a victim of a phishing scam https://www.getcybersafe.gc.ca/en/resources/what-do-if-you-are-victim-phishing-scam
FAQs on Exchange Online (Email on Office 365)