When you report phishing or suspected email abuse, you help U-M staff update IT security defenses, including threat intelligence, to protect others at the university and Michigan Medicine.
Phishing email includes many forms of frauds, scams, and attempts to trick the recipient into divulging information or taking action(s) that might compromise personal and institutional data or devices. Other problematic email can include harassment, threats, and the mis-use of email groups for unintended purposes, such as unwanted advertising and spam.
All email abuse should be reported, particularly if it is from or impersonates a U-M account, or attempts to direct recipients to fake U-M web pages, such as fake login pages. To report problematic email, send it with it's full headers to:
- ReportPhish@umich.edu for suspected phishing.
- Abuse@umich.edu for other problematic email, such as harassment, threats, and misuse of email groups.
Reporting with Full Headers
Full original headers show the path the message took to get to you. ITS staff members use this electronic trail to investigate the origins of an email message and it helps ITS tailor an appropriate response. It can also help U-M alert outside companies or institutions that someone is misusing their resources. The simple to/from you see on email can be spoofed, but headers provide reliable information ITS can act on. Below are directions on how to report with full headers for some common email systems.
Google Email Users
- In the message you would like to report, click the 3 dots next to the Reply arrow to expand the menu of options and select Show Original.
- In the Original Message screen, click Download Original to download the page as a .eml file.
- Compose a new message, attach the file you downloaded, and send the new message and attachment to ReportPhish@umich.edu or Abuse@umich.edu.
Report to Google. You can also report the phish to Google by using the Google's report phishing option.
Michigan Medicine Outlook Users
- Select the suspicious email.
- In the Outlook menu bar, click the Report Phishing button.
- The email will be deleted, and Michigan Medicine Information Assurance will be notified.
Follow these steps for your operating system:
- Open the message you wish to forward.
- Click the icon with three dots and select the option to Forward as attachment.
- Type any additional information you wish to send and then click Send.
- Start a new message. (It helps to resize the new message and inbox windows so you can see both at once.)
- Drag and drop the message you wish to report into the new message window.
- Hit send.