How to Report Phishing and Other Email Abuse

When you report phishing or suspected email abuse, you help U-M staff update IT security defenses, including threat intelligence, to protect others at the university and Michigan Medicine.

Phishing email includes many forms of frauds, scams, and attempts to trick the recipient into divulging information or taking action(s) that might compromise personal and institutional data or devices. Other problematic email can include harassment, threats, and the mis-use of email groups for unintended purposes, such as unwanted advertising and spam.

All email abuse should be reported, particularly if it is from or impersonates a U-M account, or attempts to direct recipients to fake U-M web pages, such as fake login pages. To report problematic email, send it with it's full headers to:

• [email protected] for suspected phishing.
• [email protected] for other problematic email, such as harassment, threats, and misuse of email groups.

Reporting with Full Headers

Full original headers show the path the message took to get to you. ITS staff members use this electronic trail to investigate the origins of an email message and it helps ITS tailor an appropriate response. It can also help U-M alert outside companies or institutions that someone is misusing their resources. The simple to/from you see on email can be spoofed, but headers provide reliable information ITS can act on. Below are directions on how to report with full headers for some common email systems.

Google Email Users

Report to U-M. Send the entire message to [email protected] or [email protected] by sending what Google calls the message original:

1. In the message you would like to report, click the 3 dots next to the Reply arrow to expand the menu of options and select Show Original.
2. In the Original Message screen, click Download Original to download the page as a .eml file.
3. Compose a new message, attach the file you downloaded, and send the new message and attachment to [email protected] or [email protected].

Report to Google. You can also report the phish to Google by using the Google's report phishing option.

Michigan Medicine Outlook Users

1. Select the suspicious email.
2. In the Outlook menu bar, click the Report Phishing button.
3. The email will be deleted, and Michigan Medicine Information Assurance will be notified.

The Report Phishing button is not available on mobile devices. If you don't see the button, send the suspected phishing email to [email protected] or [email protected].

Outlook Users

If you are using Outlook outside Michigan Medicine, you can report by sending the problem email to [email protected] or [email protected].

Follow these steps for your operating system:

Windows

1. Open the message you wish to forward.
2. Click the icon with three dots and select the option to Forward as attachment.
3. Type any additional information you wish to send and then click Send.

Mac OS

1. Start a new message. (It helps to resize the new message and inbox windows so you can see both at once.)
2. Drag and drop the message you wish to report into the new message window.
3. Hit send.

Apple Mail Users

Report to [email protected] or [email protected].

1. Select the email you wish to report.
2. In the View menu, select Message, and then Internet Headers to show the full headers.
3. Click the Forward button and forward to [email protected] or [email protected].