Microsoft Outlook "Report as Phishing" Add-in

The "Report as Phishing" add-in for the desktop Microsoft Outlook apps and on Outlook on the Web allows people to report suspected phishing and scam email messages. Using the feature will forward the message to IT staff, and will allow Information Security to receive detailed information from the message that is helpful in determining the message's origin and legitimacy.


This article is intended for students, faculty and staff.


Microsoft Outlook 2016, Outlook 2013 and Outlook on the Web for Microsoft Windows and Apple macOS.

Using the “Report as Phishing” Button

The Report as Phishing button is highlighted in red in an email.The “Report as Phishing” button will appear near the top left of all email messages. To use the feature:

  1. Click Report as Phishing.
  2. To confirm that you want to report the email as a phishing attempt, click Report Message.

The message will be sent as an attachment to and, and move the message to your Junk email folder. The message is sent as an attachment to ensure that the header information is intact. This allows us to gain some insight on the origin of the message, including things like the actual source email address, source email gateway, and source IP address. This information is collected to assist us with determining the legitimacy of a message, as well as helping us search for other similar messages from the same source.

Outlook on the Web

In Outlook on the Web, the option to report as phishing is found under Junk > Phishing.


“Report as Phishing” Button Does Not Appear

  • The "Report as Phishing" button will only be present on the desktop applications of Outlook 2016, Outlook 2013 and Outlook on the Web for Microsoft Windows and Apple macOS. If you are using Outlook on a mobile device, this feature will not be available.
  • If this is the first time you have added your to Outlook, or have just recently launched Outlook, it might take a minute or two for the feature to show up.
  • If you have multiple email accounts set up within your Outlook client, the button will only appear on messages for Ithaca College accounts.

When Clicking “Report as Phishing,” the Window Expands and Shows a Red X 

Report as Phishing button displaying an error icon.

An error sometimes occur when you click "Report as Phishing" and a red X displays. This will typically occur if you do not have "Protected Mode" enabled within Internet Explorer. Outlook uses this setting to run add-ins within an isolated container for increased security.  More information on Protected Mode from Microsoft >

To fix this:

  1. Open Internet Explorer.
  2. Click the  Gear in the upper right of Internet Explorer.
  3. Click Internet Options.
  4. Click the Security tab.
  5. Click Restricted Sites.
  6. Uncheck Enable Protected Mode. On college owned computers, this setting should automatically be enabled.
  7. Click Apply and close Internet Explorer and restart Outlook.


Article ID: 299
Mon 3/5/18 4:56 PM
Thu 8/22/19 11:42 AM