Phishing is a common and effective form of cybercrime. Cybercriminals use emails, text messages, and direct messages on social media or in video games to trick people into sharing personal information. The best defense is being aware and knowing the signs to look for.
Here are some ways to recognise a phishing email:
- Urgent Call to Action or Threats: Phishing emails often create a sense of urgency, such as "Your account will be suspended" or "Immediate action required."
- Example: "Your account has been compromised. Click here to secure it immediately."
- First-Time, Infrequent Senders, or Senders Marked [External]: Be cautious if the email is from someone you don't usually communicate with or if it's marked as external.
- Example: An email from a supposed bank you've never interacted with before, asking for account verification.
- Spelling and Grammar Mistakes: Many phishing emails contain poor grammar and spelling errors. Legitimate companies usually proofread their communications.
- Example: "Dear custumer, your acount has been locked due to suspicious activty."
- Generic Greetings: Legitimate companies usually address you by your name. Be cautious if the email starts with a generic greeting like "Dear Customer."
- Example: "Dear User, we need to verify your account information."
- Mismatched Email Domains: Check if the sender's email address matches the domain of the company they claim to represent. For example, instead of @paypal.com, it might be @paypa1.com.
- Example: An email from "support@paypa1.com" claiming to be from PayPal.
- Verification Banners: Outlook and other email clients may show a banner indicating they couldn't verify the sender. Take this as a warning sign.
- Example: A banner at the top of the email saying, "We could not verify the sender of this email."
- Suspicious Links or Unexpected Attachments: Hover over any links to see if the URL matches the text. Be wary of attachments you weren't expecting.
- Example: A link that says "Click here to update your account" but points to a suspicious URL when you hover over it.
- Requests for Personal Information: Be cautious if the email asks for sensitive information like passwords, credit card numbers, or Social Security numbers.
- Example: "Please provide your Social Security number to verify your identity."
- Too Good to Be True Offers: If an email promises something that seems too good to be true, it probably is.
- Example: "Congratulations! You've won a $1,000 gift card. Click here to claim your prize."
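
Two of the signs above, the mismatched sender domain and the link whose visible text names one site while its URL points to another, can be checked automatically. The following is an added example, not part of the original article: the trusted-domain list, the character-swap table, the function names, and the sample message (including `login.example.net`) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED_DOMAINS = {"paypal.com"}  # assumption: brands you really receive mail from
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # common swaps

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    normalised = domain.lower().translate(HOMOGLYPHS).replace("rn", "m")
    return normalised if normalised in TRUSTED_DOMAINS and normalised != domain.lower() else None

def host_of(text):
    """Host of a URL or bare domain, without 'www.'; '' if text is not domain-like."""
    m = re.match(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text.strip().lower())
    return m.group(1) if m else ""

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def phishing_signs(raw_email):
    """List the sender-domain and link-mismatch signs found in one message."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    signs = [f"sender {domain} imitates {lookalike_of(domain)}"] if lookalike_of(domain) else []
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            signs.append(f"link shows {shown} but points to {actual}")
    return signs

SAMPLE = ("From: PayPal Support <support@paypa1.com>\nContent-Type: text/html\n\n"  # constructed
          '<p>Dear User, <a href="http://login.example.net/verify">www.paypal.com/secure</a></p>')
print(phishing_signs(SAMPLE))
```

The link check only fires when the visible text is itself a URL or domain; a link labelled "Click here" still needs the hover check described above.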
To report a phishing message in Outlook.com, Microsoft 365 Outlook, or Microsoft Teams:
1. Outlook.com and Microsoft 365 Outlook: Select the suspicious message, then choose Report > Report phishing from the ribbon. This will remove the message from your Inbox and help improve filters.
2. Microsoft Teams: Hover over the malicious message, select More options > More actions > Report this message. Choose Security risk - Spam, phishing, malicious content, then click Report.