Report suspected phishing emails


Phishing attacks are emails which attempt to trick you into clicking malicious links, interacting with malware, or sending your account credentials to bad actors. The University of Toronto employs advanced threat protections to prevent malicious emails from reaching your inbox; however, phishing attacks can occasionally evade these safeguards.

Table of Contents

Overview

If you receive a suspicious-looking email, report it immediately. Reported emails are sent to Information Security’s incident response team for investigation and are automatically removed from your U of T inbox. When reporting an email, you can provide additional information to help keep the university safe. 

There are two methods for reporting phishing emails at U of T:

How to use the U of T Report Phishing button

If you receive a suspicious email in your University of Toronto inbox, follow these steps:

  1. Do not interact with the email. Do not click on links, open attachments, provide personal information, or forward the message.
  2. In Microsoft Outlook, select the U of T Report Phishing button.
  3. Provide any additional information, then select Close and Delete.

If you cannot access the Report Phishing button, forward the email to report.phishing@utoronto.ca, then delete it from your inbox.

If you interacted with the sender, clicked on a link, or opened an attachment, contact security.response@utoronto.ca immediately.

A blue envelope with a red warning icon labeled "UofT Report Phishing".

The Report Phishing button icon is an open blue envelope with a red warning symbol.

Outlook Web Access (OWA) and Outlook desktop app for Windows

When viewing an email, the Report Phishing button appears in two locations:

The Report Phishing button in the "Other Apps" section of the Home tool ribbon.

The Report Phishing button in the “Other apps” section of the email view pane header.

Outlook desktop app for MacOS

When viewing an email, select the three-dot (More actions) menu in the toolbar to access the Report Phishing button.

The Report Phishing button in a dropdown menu in the email view pane header.

Outlook mobile app for Apple and Android

When viewing an email, select the three-dot (More actions) menu in the upper-right corner, then scroll to the bottom of the menu to find the Report Phishing button.

The Report Phishing button at the bottom of the iOS email action menu.The Report Phishing button at the bottom of the Android email action menu.

Report an email by email forwarding

  1. Do not interact with the email.
  2. Forward the suspicious email to report.phishing@utoronto.ca.
  3. Manually delete the email from your inbox to prevent any further interaction with it.
  4. If you interacted with the email sender, clicked on a link, or opened an attachment, contact security.response@utoronto.ca immediately.

Related information