Phishing email???

If your director received a suspicious email that you suspect is a phishing attempt, it is important to report it. Here are the steps you can take:

1. Do not reply or click on any links in the email.
2. Report the email:
   • If using Outlook.com, select the checkbox next to the message in the inbox, click on the arrow next to Junk, and select Phishing.
   • In Microsoft Office Outlook, open the suspicious message, select Report message from the ribbon, and then choose Phishing.
   • For Microsoft 365, you can use the Submissions portal in Microsoft 365 Defender to submit the phishing sample for analysis.
3. Contact your IT admin if you are on a work computer, as they may have specific procedures for handling such incidents.
4. Notify your bank and credit card company about any potential fraudulent activity if sensitive information was shared.

Taking these steps can help mitigate any potential risks associated with phishing attempts.

References:

• How to protect against phishing attacks
• How do I know if an email from Microsoft support is genuine?

Dear @Ramiro Segovia,

Thank you for posting your question in the Microsoft Q&A forum.

To help me narrow down the issue, are you using a personal Microsoft account (@outlook.com/hotmail.com) or a work account (@company.com)? If you are using business account, are you admin in your company?

In Microsoft 365 organizations with mailboxes in Exchange Online, users can report phishing and suspicious email in Outlook. Users can report false positives (good email that was blocked or sent to their Junk Email folder) and false negatives (unwanted email or phishing that was delivered to their Inbox) from Outlook on all platforms using free tools from Microsoft.

Microsoft provides the built-in Report button in supported versions of Outlook on virtually all Outlook platforms for users to report good and bad messages. For more information about reporting messages to Microsoft, see Report messages and files to Microsoft.

Admins configure user reported messages to go to a specified reporting mailbox, to Microsoft, or both. These reported messages are available on the User reported tab on the Submissions page in the Microsoft Defender portal. For more information, see User reported settings.

For more information, please refer to Report phishing and suspicious emails in Outlook for admins

In this case, if you are user and the email appears to be a phishing attempt, here are some steps I recommend you try:

Step 1: Do not click any links or open attachments in the email.

Step 2: In a supported version of Outlook, select one or more messages, select Report, and then select Report phishing or Report junk in the dropdown list (available in both desktop and web versions). This will notify Microsoft and our security team.

For more information: Use the built-in Report button in Outlook to report junk and phishing messages and How do I report phishing or junk email (Mobile)?

Step 3: If the “Report Message” option is not available, forward the email as an attachment to our internal security mailbox (e.g., phishing@<yourdomain>), or open a ticket with your IT Helpdesk.

Step 4: After reporting, move the email to Junk or delete it.

• If anyone clicked a link or entered credentials, please disconnect the device from the network and contact IT immediately for password resets and security checks.
• Your quick action helps protect our organization. If you need assistance with reporting or suspect any compromise, please reach out to the IT Security team right away.

Please understand that as forum moderators, our primary goal is to provide helpful guidance and support through general troubleshooting steps. While we don’t have access to internal systems or administrative tools required to resolve account-specific or backend issues, we truly appreciate your understanding of these limitations. We genuinely hope the information we share helps guide you in the right direction, and we're always here to assist as much as we can within our scope.  

I hope this information is helpful. Please follow these steps and let me know if it works for you. If not, we can work together to resolve this. If I misunderstand anything, please feel free to reach out.

Please understand that our initial response does not always resolve the issue immediately. However, with your help and more detailed information, we can work together to find a solution.

Thank you for your patience and your understanding. If you have any questions, please feel free to reach out.

I'm looking forward for your reply.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.