Phish Alert Button (PAB): how to use it to report phishing emails

Summary

The Phish Alert Button (PAB) that allows you to report a potential phishing email via your Outlook desktop/web/mobile application or Gmail/Gmail mobile application. Using the PAB will alert the IT Security department to review the email and take immediate action.

Body

What is the Phish Alert Button?
How do I use the Phish Alert Button?
Phish Alert Button in Outlook Desktop
Phish Alert Button in Outlook on the Web
Phish Alert Button in Outlook Mobile App (iOS)
Phish Alert Button in Outlook Mobile App (Android)
Phish Alert Button in Gmail
Phish Alert Button in Gmail Mobile App (iOS & Android)
FAQ
 

What is the Phish Alert Button?

In early September 2024, the IT Security department will launch a Phish Alert Button (PAB) that allows you to report a potential phishing email via your Outlook desktop/web/mobile application or Gmail/Gmail mobile application. Using the PAB will alert the IT Security department to review the email and take immediate action. 

You should report all suspected phishing emails using the PAB. You can still forward suspected phishing emails to reportaphish@udel.edu but the PAB is easier to use and recommended as the first option for reporting. The PAB should NOT be used to report spam. Reported emails that are found to be legitimate may be restored to the user’s inbox.

The PAB will only be available in your @udel account email applications, not your personal accounts. Please review the procedures below on how to report phishing emails on your device.  

Note: If you use Apple Mail or another third-party email client, you should report phishing emails by forwarding them to reportaphish@udel.edu

 

How do I use the Phish Alert Button?

Phish Alert Button in Outlook Desktop 

  1. Open the Outlook application.

  2. Click on the suspicious email message you would like to report.

  3. Click the Phish Alert Report button.
    Note: If you do not see the Phish Alert Report button, contact askit@udel.edu. ​

  4. A pop-up displays asking you to confirm that you want to report the email message as a phish.Click Phish Alert.

  5. A pop-up displays thanking you for reporting the email.

  6. The suspicious email will be removed from your inbox for analysis. 

  7. You will receive an email notification that a TeamDynamix Incident was created. This means that the security team was notified and the email is being analyzed. 

*Please note the sender's name "UD Services <services@udel.edu> (TeamDynamix Incident Created)". Email responses will always come from this sender and are safe.

  1. Once our Security Team reviews the email, you will receive an email response confirmation that the phish was successfully remediated. 

Phish Alert Button in Outlook on the Web

  1. Log in to Office365 at Outlook.office.com.

  2. Click on the suspicious email message you would like to report.

  3. Locate the Phish Alert button in the upper right-hand corner of the email:


 

  1. Click the Phish Alert button.

  2. A pop-up displays asking you to confirm that you want to report the email message as a phish. Click Phish Alert.


6.  A pop-up displays thanking you for reporting the email.

  1. The suspicious email will be removed from your inbox for analysis. 

  2. You will receive an email notification that a TeamDynamix Incident was created. This means that the Security Team was notified and the email is being analyzed.
    *Please note the sender's name "UD Services <services@udel.edu> (TeamDynamix Incident Created)". Email responses will always come from this sender and are safe.

  3. Once our Security Team reviews the email, you will receive an email response confirmation that the phish was successfully remediated. 

Phish Alert Button in Outlook Mobile App (iOS)

  1. Launch the Outlook Mobile app.
    Note: Native mail apps (e.g., Mail on iPhone) do not support the Phish Alert button.  UDIT recommends switching to the Outlook application if you are currently using a native mail application.

  2. Click on the suspicious email message you would like to report. ​

  3. Click the three dots on the right-hand side of the email below the time.
    mceclip0.png

  4. Click Phish Alert.

  5. A pop-up displays asking you to confirm that you want to report the email message as a phish. Click Phish Alert.

  6. The suspicious email will be removed from your inbox for analysis.

  7. You will receive an email notification that a TeamDynamix Incident was created. This means that the security team was notified and the email is being analyzed.
    *Please note the sender's name "UD Services <services@udel.edu> (TeamDynamix Incident Created)". Email responses will always come from this sender and are safe.

    8. Once our Security Team reviews the email, you will receive an email response confirmation that the phish was successfully remediated. 

Phish Alert Button in Outlook Mobile App (Android)

  1. Launch the Outlook Mobile app.
    Note: Native mail apps (e.g., Mail on iPhone) do not support the Phish Alert button.  UDIT recommends switching to the Outlook application if you are currently using a native mail application.

  2. Click on the suspicious email message you would like to report. ​

  3. Click the three dots on the right-hand side of the email below the time.

  4. Click Phish Alert.


 

  1. A pop-up displays asking you to confirm that you want to report the email message as a phish. Click Phish Alert.

  2. A message displays to confirm that you reported the email.

  3. The suspicious email will be removed from your inbox for analysis.

  4. You will receive an email notification that a TeamDynamix Incident was created. This means that the Security Team was notified and the email is being analyzed.
    *Please note the sender's name "UD Services <services@udel.edu> (TeamDynamix Incident Created)". Email responses will always come from this sender and are safe.

  5. Once our Security Team reviews the email, you will receive an email response confirmation that the phish was successfully remediated. 

Phish Alert Button in Gmail

  1. Open Gmail.

  2. Click on the suspicious email you would like to report.

  3. Locate the Phish Alert Button on the right-hand side of the email.

  4. Click the Phish Alert Button.

  5. A pop-up displays asking you to confirm that you want to report the email message as a phish. Click Phish Alert.

  1. You will receive confirmation that the email was reported.

  2. The message will automatically be removed from your inbox for analysis. 

  3. You will receive an email notification that a TeamDynamix Incident was created. This means that the Security Team was notified and the email is being analyzed.
    *Please note the sender's name "UD Services <services@udel.edu> (TeamDynamix Incident Created)". Email responses will always come from this sender and are safe.

  4. Once our Security Team reviews the email, you will receive an email response confirmation that the phish was successfully remediated. 

Phish Alert Button in Gmail Mobile App (iOS & Android)

  1. Open the Gmail Mobile app.
    Note: Native mail apps (e.g., Mail on the iPhone) do not support the Phish Alert button.  UDIT recommends switching to the Outlook application if you are currently using a native mail application.

  2. Click on the suspicious email message you would like to report. ​

  3. Scroll to the bottom of the screen and locate the Available Add-ons section. From the Add-ons section, click the phish hook icon and scroll down to the bottom of the screen to access the PAB.

  4. To report the email, click the blue Report This Suspicious Email button.

     

  5. You will see a confirmation message like the one shown below.

    The suspicious email will be removed from your inbox for analysis.

  6. You will receive an email notification that a TeamDynamix Incident was created. This means that the Security Team was notified and the email is being analyzed.
    *Please note the sender's name "UD Services <services@udel.edu> (TeamDynamix Incident Created)". Email responses will always come from this sender and are safe.
     

  7. Once our Security Team reviews the email, you will receive an email response confirmation that the phish was successfully remediated. 

 

FAQ

  • Why is there a new button to report phishing emails?

    • The Phish Alert Button (PAB) is a safe and easy way to report suspicious emails. Gmail’s/Exchange’s reports and metrics are not easily accessible and do not integrate with our current reporting process. The PAB replaces the previous process of forwarding suspicious emails to reportaphish@udel.edu

  • Should you continue using the original reporting buttons?

    • No, all UD users should report suspicious emails using the PAB. This way you are reporting directly to our Security team to remediate and so we can pull reports/metrics from Knowbe4.
      Note that the Gmail native reporting button cannot be removed. However, the O365 native button will be removed on the same day as the PAB implementation.

  • Will reporting an email as a phish using the new button act as a means of blocking future communications that look similar?

    • The button will forward the email to our SecOps mailbox for review. However, it will not automatically block future communications. When the suspicious emails are reviewed, our blocklist will be updated and forward the emails to our Microsoft O365 mail server and Gmail. TDX will forward suspicious emails to Gmail or MS to train the system.

  • Will the native phishing reporting button in Google or O365 be removed? 
    • The Gmail native reporting button cannot be removed. However, the O365 native button will be removed on the same day as the PAB implementation. We will have TDX forward suspicious emails to Microsoft and Gmail to continue to train the systems.