Knowledgebase: Access: Email
How to report phishing/spam emails
Posted by Evan White, Last modified by Phillip Martin on June 04, 2020 04:31 PM

All email accounts at NSU can report suspicious email. If many people report a certain phishing email, it will be removed from the inbox of all recipients, preventing exposure to potential victims. The Report Phishing button, with the icon shown above, is available for Outlook 2016 for Mac or PC, Outlook for Android and iOS, and Outlook on the web, when logged into an NSU email account.

These articles have further detail on each version of Outlook:

Generally, on PC, this button will be shown in the ribbon, which will report the email currently in the reading pane:

On other platforms, such as mobile and the web, there will be three dots shown in the reading pane. This will open a menu containing the Report Phish button:

Which emails should be reported?

A spam email will usually be sent to hundreds of people from a single hacked account, usually those that leave their passwords the default.

A few common spam attacks we have encountered:

  • Job solicitations (baby/pet sitting, personal assistant, etc) from strangers, asking to provide information directly to a strange free webmail (Gmail, Yahoo) address
    • These solicitations never lead to an actual job, they only serve to extract information to hack more accounts.
    • For all legitimate job programs on campus, students are directed to use Handshake or follow official messaging from NSU personnel.
  • Message indicating that Microsoft has upgraded a system or application such as Outlook ("New 2020 Microsoft Outlook")
    • A legitimate message about information systems on campus will come directly from [email protected]
  • Invitation to view an unfamiliar shared document in cloud storage (OneDrive, Google Docs, Dropbox) from a stranger without prior notice

How can I prevent my account from being used for spam attacks?

Please set a password other than the issued/default password by following the steps at https://aka.ms/passwordchange. Attackers become aware of the default password and harvest information to attack accounts which have not set their own password.

Set up Multi-Factor Authentication with Microsoft.

(0 vote(s))
Helpful
Not helpful

Comments (0)