How to Recognize and Report a Phishing Email in Outlook
Summary
This guide explains how to spot common signs of phishing emails and how to report suspicious messages in Microsoft Outlook. The goal is to help you prevent credential theft, malware infections, and unauthorized access to your account.
Assumptions
You use Outlook on Windows, Mac, the web (Outlook on the web), or a mobile device, and you can access your email normally. Your organization may have a built-in “Report Message” or “Report Phishing” button, but even if it does not, you can still report phishing using safe alternatives.
Quick Guide
When an email feels off, slow down and validate it before clicking anything. Check the sender carefully, look for urgency or unusual requests, avoid opening unexpected attachments or links, and report the message using Outlook’s reporting option or by forwarding it to your IT/security mailbox.
Step-by-Step Instructions
Pause and treat the email as suspicious until proven safe. Phishing relies on speed and pressure. If the email demands immediate action, threatens consequences, or offers an unexpected reward, assume it may be malicious.
Check the sender name and email address carefully. In Outlook, the display name can be faked. Open the message details and confirm the actual email address matches the real domain you’d expect. Watch for subtle domain tricks like extra letters, swapped characters, or lookalike domains.
Look for classic phishing red flags in the message content. Common signs include urgent language, unusual payment requests, requests for passwords or MFA codes, unexpected invoice/DocuSign/voice message alerts, poor grammar, and “verify your account” prompts.
Hover over links before clicking. On desktop, hover your mouse over the link to preview the real destination. If the link goes to a strange domain, uses shortened URLs unexpectedly, or doesn’t match the company it claims to be from, do not click.
Treat attachments like they are risky by default. If you weren’t expecting an attachment, don’t open it. Be especially cautious with ZIP files, HTML attachments, and Office files that prompt you to enable macros or “Enable Content.”
Report the email using Outlook’s reporting button if available. In Outlook (desktop or web), select the suspicious message, then look for options such as Report Message, Report Phishing, or Junk. Choose the phishing option rather than just deleting it, because reporting helps protect others.
If you don’t have a “Report Phishing” option, forward it safely to IT/Security. Create a new email and attach the suspicious message as an attachment (so headers are preserved). Send it to your organization’s IT or security reporting mailbox (often service@metflservices.com).
Delete the email after reporting. Once reported, remove it from your Inbox and then empty Deleted Items. If you already clicked something or entered credentials, don’t just delete it; proceed to the troubleshooting steps below.
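For the IT or security team that receives a forwarded message, the sender and link checks from the steps above can be run over the saved message automatically. This is an added example, not part of the original guide; the expected domain contoso.com, the 0.8 similarity cutoff, and the sample message are assumptions constructed for illustration.

```python
import difflib
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def triage(raw_message, expected=("contoso.com",)):
    """Return (kind, detail) findings; `expected` lists your real domains (assumed here)."""
    msg = message_from_string(raw_message, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    findings = []
    if domain not in expected:  # near-misses: extra letters, swapped or substituted characters
        for near in difflib.get_close_matches(domain, expected, n=1, cutoff=0.8):
            findings.append(("lookalike_sender", f"{domain} resembles {near}"))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:  # href host vs. the domain shown in the link text
            shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
            host = (urlparse(href).hostname or "").lower()
            if shown and shown.group(1).lower() != host:
                findings.append(("link_mismatch", f"text shows {shown.group(1)}, href goes to {host}"))
    return findings

# Constructed sample message (not a real email), as saved from a forwarded attachment.
SAMPLE = """\
From: "Contoso IT Support" <helpdesk@cont0so.com>
Content-Type: text/html

<p>Sign in: <a href="http://login.example.net/reset">https://portal.contoso.com</a></p>
"""
```

Calling `triage(SAMPLE)` returns one finding for the lookalike sender domain and one for the link whose visible text and real destination differ.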
Troubleshooting
If the email looks like it came from someone you know, but the request is unusual, assume the sender may be compromised. Verify using a known method, such as calling the person at a trusted number or starting a new Teams chat, rather than replying to the email.
If you clicked a link or opened an attachment, stop immediately and close the tab or file. If you entered your password, change it right away and report the incident to IT, because fast response can prevent account takeover. If you approved an MFA prompt you did not initiate, report it as urgent, since that can indicate active compromise.
If the “Report Phishing” button is missing, it may be disabled by policy or not installed. The safe fallback is forwarding the message as an attachment to IT/security so they can analyze headers and block the sender or domain.
Security / Business Considerations
Phishing is not just an “email problem”; it’s often the first step in payroll fraud, invoice scams, data theft, and ransomware. Reporting suspicious messages quickly helps your security team tune email filtering and warn other employees before the same campaign spreads. As a rule, your company should never ask you to share passwords or MFA codes by email, and urgent payment or bank detail changes should always require an out-of-band verification process.
When to Contact IT Support
Contact IT immediately if you clicked a link, opened an unexpected attachment, entered credentials, approved an MFA prompt you didn’t initiate, or if the email involved payments, gift cards, payroll changes, vendor banking changes, or sensitive documents. Also contact IT if you keep receiving similar suspicious emails, or if you’re unsure whether a message is legitimate and it relates to money, access, or confidential data.
About MET Florida
MET Florida supports business technology operations with a focus on reliability, security, and practical outcomes. We help organizations manage Microsoft 365, devices, identity, and everyday IT workflows. If you need help confirming a suspicious message or responding to a potential compromise, your IT team can use a standard phishing response process to reduce risk quickly.
Cyber threats and regulatory pressures require a proactive, structured defense strategy. MET Florida provides cybersecurity services that include risk assessments, endpoint protection, network security, compliance alignment, and continuous monitoring. We help organizations meet regulatory requirements while reducing exposure to ransomware, phishing, and data breaches. Our security approach combines prevention, detection, and response to safeguard your business environment.

