Reporting a Phishing Scam or Suspicious Email

Learn how to report a suspicious email or phishing attempt to the NCU IT security team — including using the built-in Report Phishing button in Outlook and Gmail, forwarding as an attachment when needed, and what to do on mobile.

Before you report

If you received a suspicious message, do not click any links, open any attachments, or reply to the sender. Your instinct to delete it is understandable — but reporting it first helps IT investigate the source, warn others, and potentially block further attacks.

What happens after you report: IT reviews every report. You may not receive a direct reply — most are acted on quietly. When something is widespread, IT issues a campus alert. Otherwise, reports inform blocklist updates, filter tuning, and ongoing investigation behind the scenes.

It's worth understanding why not every report leads to a visible fix. Many of the phishing attempts hitting NCU aren't sophisticated — they're simply a Gmail or Yahoo address with an NCU employee's name attached and a convincing-looking signature. There's no spoofed domain to block, no compromised NCU account to lock down. IT can block a specific address, but blocking an entire major email provider isn't an option. The same applies when an email warns you that "your account has been compromised" — often it isn't an NCU account at all. These messages survive filters because they technically come from legitimate mail providers.

That's exactly why awareness is the most important layer of defense. IT can't always stop these at the door — but you can spot them by checking the actual sender address before acting on anything.

If you have already clicked a link, entered credentials, or sent money or personal information — stop reading this article and go to Help! I Have Been Phished! for immediate recovery steps. Call IT at 612.343.4170 right now.

Report Phishing button — Outlook and Gmail

The built-in Report Phishing button is the fastest and preferred way to report. It alerts IT and Microsoft or Google simultaneously, preserves what they need for investigation, and removes the message from your inbox — no forwarding required.

Outlook Desktop (Windows & Mac)

  1. Select the suspicious email in your inbox.
  2. Click the Report button in the Home ribbon.
  3. Select Report Phishing from the dropdown.
  4. If prompted, confirm whether to also notify Microsoft — yes is the right answer.

Don't see a Report button? Click the at the far right of the ribbon and look for Report or Report Message there. If it's still missing, use the forward-as-attachment fallback below.

Outlook on the Web (Microsoft 365)

  1. Open or select the suspicious email.
  2. Click the Report button in the toolbar at the top of the message.
  3. Select Report Phishing from the dropdown.
  4. If prompted, confirm whether to also notify Microsoft.

The message is deleted from your inbox automatically once reported.

Gmail

  1. Open the suspicious email.
  2. Click the three vertical dots (⋮) next to the Reply button in the top-right corner of the message.
  3. Select Report phishing, then click Report Phishing Message to confirm.

This reports to Google's abuse team. Also forward to incident@northcentral.edu so NCU IT is in the loop — use the Outlook web fallback steps below if you need to forward from a personal Gmail.

Reporting on mobile

Use the Outlook mobile app — it's the recommended email client on mobile

NCU recommends the Outlook mobile app (iOS and Android) as your primary email client on any mobile device. From within the app:

  1. Open the suspicious email.
  2. Tap the three dots (⋯) in the top-right corner of the message.
  3. Select Report Junk, then choose Phishing.

If you're accessing email through a mobile browser or a different app, forward the message to incident@northcentral.edu and follow up with a call to IT at 612.343.4170 if the message seems serious.

Forwarding as an attachment (fallback)

If the Report Phishing button isn't available, forward the suspicious message as an attachment to incident@northcentral.edu. A regular forward strips the technical headers IT needs — forwarding as an attachment preserves them.

Outlook Desktop — forward as attachment

  1. Select the suspicious email in your inbox.
  2. Press Ctrl + Alt + F. A new draft will open with the message attached.
  3. Add incident@northcentral.edu in the To: field and send.

Outlook on the Web — forward as attachment

  1. Click New message to compose a new email, then click the pop-out icon in the upper-right of the compose window to open it in its own window.
  2. Drag the suspicious email from your inbox into the body of the new message — it will appear as an attachment.
  3. Add incident@northcentral.edu in the To: field and send.
Why full headers matter

Full headers let IT trace where the message actually came from

A regular forward strips most of the technical metadata out of an email. Full headers tell IT:

  • The actual path the message traveled to reach your inbox
  • The true originating server — even when the display name or From address is spoofed
  • Timestamps and relay points that help trace and block the source

The built-in Report Phishing buttons preserve this automatically. If you're forwarding manually, forwarding as an attachment is the only way to include it.

Print Article

Related Articles (1)

Help! I Have Been Phished!
Learn what to do if you clicked a phishing link, entered your credentials on a suspicious page, or sent money or personal information in response to a scam — including immediate steps to secure your account, protect your finances, and report the incident.

Related Services / Offerings (1)

Security Incident Response and Consulting
IT prioritizes keeping your information secure. IT works hard to maintain confidentiality, integrity, and to prevent information from being compromised. You can benefit from consulting with our office by obtaining the necessary tools and information to keep you, your information, and your computer safe.