Report a Phish

Why reporting matters

When you report a phishing attempt, you accomplish two critical tasks:

  • Helping the proper authorities catch and bring phishers to justice
  • Protecting your community from being victims of the same phishing attack

That's why it is critical not to just recognize and rethink—but also to report

At IU, once a reported phish is analyzed and confirmed, our policy and security teams can take steps to protect everyone else on the IU network.

When you report suspected phishing emails correctly through the provided IU channels, you help IU mitigate attacks early and efficiently.

How to report 

There are different ways to report a phish, depending on what it's targeting and what tools you have to report it. The following instructions from the IU Knowledge Base provide more details.

Report phishing attempts

  • If the phishing attempt targets IU in any way (for example, it asks for those using IU Exchange to "verify their accounts", includes a malicious PDF directed to university human resources, or impersonates IU or UITS), forward it with full headers to phishing@iu.edu.

    For instructions on displaying and sending full headers, see Display and send the full headers of an email message.

    Note:
    The UIPO (University Information Policy Office) can take action only if the message asks for IU account credentials or originated from within IU. All other spam should be reported to the appropriate authority below. If the message did originate from within IU, see If you receive spam.
  • Outlook users can install the PhishMe Reporter add-in for Windows or Mac to report phishing attempts with a single click. The PhishMe Reporter add-in automatically includes the headers in the report. For more, see About the PhishMe Reporter add-in.
  • You can report a phishing scam attempt to the company that is being spoofed.
  • You can also send reports to the Federal Trade Commission (FTC).
  • Depending on where you live, some local authorities also accept phishing scam reports.
  • Finally, you can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.

For more about phishing scams, see Email & Phishing Scams.

Before you can report, you have to recognize.

Get tips & strategies

Learn how to think before you click with quick tips and key strategies.

Tips & strategies

Explore training options

IU provides several great options to boost your defenses even more, including free online courses, interactive workshops, and a simulation service.

Discover training