Overview
Although your first instinct may be to ignore or delete suspicious emails, we recommend that you report them to our security team. IT will examine the email and advise you of any further steps you may need to take.
How to Send a Phishing Scam or Suspicious Email to Security Team
To report a phishing scam, forward the phishing email as an attachment to incident@northcentral.edu using the following methods.
Outlook Desktop
- Select the suspicious email in Outlook.
- Press Control-Alt-F. This will open a draft email message with the suspicious email as an attachment.
- Add incident@northcentral.edu in the To: field of the draft email message.
- Send the email.
Outlook Online / Office 365
- Select New to compose a new message.
- In the upper right-hand corner of the new message, click the icon to compose the message in its own window.
- Drag the suspicious email into the body of the new message. This will add the suspicious email as an attachment.
- Add incident@northcentral.edu in the To: field of the draft email message.
- Send the email.
Gmail
- Open the suspicious email, but do not click on any links or open any attachments.
- Click on the More button on the right side next to the date the email was sent.
- From the drop-down menu, select Show original.
- Click on the page and then click CTRL + A to select all the text.
- With all the text selected, click CTRL + C to copy all of the text.
- Click the Compose button on the left side of the screen to start a new email.
- In the message section of the new email, click CTRL + V to paste the text.
- Add incident@northcentral.edu in the To: field of the draft email message.
- Send the email.
Apple Mail
- Select the suspicious email in Mail.
- Select Message, then Forward as Attachment from the menu bar (or right-click and select Forward as Attachment).
- Add incident@northcentral.edu in the To: field of the draft email message.
- Send the email.
Why do we request forwarding as an attachment?
When you forward the message as a regular email, full headers are not included. Without the full headers, the investigation of the suspicious email becomes more challenging.
Full headers provide information about the path the message traveled to get to your inbox. These headers are critical for Cybersecurity staff members investigating the origins of an email message.
Simple headers (to/from) can be forged, so full headers are an important step to diagnosing, containing, and possibly preventing more phishing attempts.
Audience
Employees and Students