Back to Knowledge BaseSecurity & Passwords

    How to Report a Phishing Email in Outlook

    6 min read
    Updated 20 February 2026

    What is a Phishing Email?

    A phishing email is a message designed to trick you into clicking a malicious link, downloading a dangerous file, or handing over your login credentials. They often look like they come from Microsoft, your bank, Australia Post, or even your own colleagues.

    Reporting phishing emails is one of the most important things you can do to protect your business — it alerts your IT team and helps Microsoft improve its filters for everyone.

    How to Spot a Phishing Email

    Before you report, look for these common warning signs:

    Sender address looks off

    • Hover over the sender name to reveal the real email address
    • Watch for addresses like support@micros0ft-help.com or noreply@australiapost.net.co
    • Legitimate organisations use their own domain consistently
    Something feels urgent or threatening
    • "Your account will be suspended in 24 hours"
    • "Immediate action required — verify your details now"
    • "You have an outstanding payment — click here to avoid penalties"
    Unexpected attachments or links
    • You were not expecting an invoice, parcel notification, or shared document
    • The link URL does not match the company it claims to be from (hover before clicking)
    • Attachments have extensions like .exe, .zip, .docm, or .xlsm
    Poor spelling or generic greetings
    • "Dear Customer" instead of your name
    • Odd phrasing or grammar that feels slightly off
    • Logos that look slightly pixelated or off-brand

    How to Report a Phishing Email in Outlook (Desktop)

    Method 1: Use the Built-In Report Button (Microsoft 365)

    If your organisation uses Microsoft 365, you may have the Microsoft Report Message add-in installed.

    • Open the suspicious email (do not click any links inside it)
    • Look for the Report Message button in the ribbon at the top
    • Click it and select Phishing
    • Confirm the report when prompted
    • The email will be moved out of your inbox and sent to Microsoft for analysis
    This is the fastest and most effective method if the button is available.

    Method 2: Use the Three-Dot Menu on Mobile or Web

    If you are using Outlook on the web (office.com) or the Outlook mobile app:

    • Open the suspicious email
    • Click the three dots (More actions) icon
    • Select Report then choose Phishing or Junk
    • The email will be removed and reported automatically

    Method 3: Forward to Your IT Team

    If you are unsure whether an email is a phishing attempt:

    • Do not click anything inside the email
    • Forward it to your IT support team or helpdesk
    • Include a note explaining why you found it suspicious
    • Your IT team can investigate and take action if needed
    Contact Netluma IT: helpdesk@netlumait.com.au or 1300 521 162

    What Happens After You Report It?

    When you report a phishing email:

    • Microsoft analyses the message and updates its spam filters
    • Your IT team (if notified) can check whether others received the same email
    • The email is removed from your inbox so you cannot accidentally click it later
    • If others in your organisation received it, your IT team can delete it from their inboxes remotely

    What to Do If You Already Clicked a Link

    If you have already clicked a suspicious link or entered your password somewhere unexpected:

    • Do not panic, but act quickly
    • Change your password immediately for the affected account
    • Contact your IT team right away — call rather than email
    • If you entered Microsoft 365 credentials, your IT team will need to review your account for suspicious activity
    • Do not use the affected account until IT has confirmed it is safe

    Setting Up the Microsoft Report Message Add-In

    If you do not see a Report Message button in Outlook, ask your IT team to install it. It is a free Microsoft add-in that makes reporting phishing one click.

    Once installed, it appears in the Outlook ribbon and works across desktop, web, and mobile versions.

    Tips for Your Team

    • Never report as "Junk" if you suspect phishing — the Junk option is for unwanted marketing email, not scams. Always use the Phishing option to trigger the right response.
    • Do not forward phishing emails to colleagues to show them — this spreads the risk.
    • If an email asks for your password, it is always a phishing attempt. Microsoft, your bank, and Netluma IT will never ask for your password by email.
    • Talk to your team — if you received it, others probably did too. A quick heads-up could prevent someone else from clicking.

    Need Help?

    Contact Netluma IT if you suspect a phishing campaign is targeting your business or if you are unsure whether an email is safe.

    Phone: 1300 521 162 Email: helpdesk@netlumait.com.au

    Was this article helpful?

    Still Need Help?

    If you are still having trouble, our support team is here to help.

    Email HelpdeskCall 1300 521 162

    Related Articles

    How to Reset Your Microsoft 365 Password

    4 min read

    How to Set Up Two-Factor Authentication (2FA)

    5 min read

    How to Spot Phishing Emails

    5 min read

    Browse Other Categories

    Email & CalendarSecurity & PasswordsMeetings & CollaborationDevices & ConnectivityMicrosoft 365Mobile DevicesPrinting & ScanningRemote WorkFile Management & BackupCommon Error MessagesWindows TroubleshootingKeyboard, Mouse & PeripheralsGoogle Workspace