Phishing emails can look convincing, especially when they mimic Microsoft 365 alerts, delivery notices, or messages from familiar contacts.
This guide explains how to report phishing in Outlook, what happens after you submit a report, and how to strengthen your email security.
What Phishing Looks Like in Outlook
Phishing is a type of social engineering designed to trick you into revealing credentials, payment details, or other sensitive information.
In Outlook, these emails often use urgent language, fake login pages, spoofed sender addresses, or attachments that claim to require immediate action.
Common warning signs include:
- Requests to verify your password or account information
- Links that lead to domains unrelated to Microsoft, your company, or the stated sender
- Unexpected invoices, shipping notices, or password reset emails
- Threats that your account will be locked unless you act immediately
- Attachments such as .html, .zip, .iso, or macro-enabled Office files
Recognizing these signs early is the first layer of defense.
Reporting suspicious messages helps improve detection across Microsoft 365, Exchange Online, and other email security systems.
How to Report Phishing in Outlook?
Outlook provides built-in reporting options that let you flag a message as phishing without manually forwarding it to your security team.
The exact steps vary slightly depending on whether you use Outlook on the web, the new Outlook app, classic Outlook for Windows, or Outlook for Mac.
Report phishing in Outlook on the web
- Open the suspicious email.
- Select Report from the toolbar.
- Choose Phishing or Report phishing.
- If prompted, confirm the submission.
In many Microsoft 365 environments, the message is sent to Microsoft and, if enabled, to your organization’s security administrators.
Report phishing in the new Outlook for Windows
- Open the suspicious message.
- Click Report in the message ribbon.
- Select Phishing.
- Follow any confirmation prompt.
If your organization has the Report Message or Report Phishing add-in enabled, the process may open a small reporting window with an optional comment field.
Report phishing in classic Outlook for Windows
- Open the email or select it in the inbox.
- Go to the Home tab.
- Choose Report Message or Report Phishing, if installed.
- Select Phishing and submit.
Some tenants use Microsoft’s add-ins from the AppSource catalog, while others rely on integrated security buttons configured by the administrator.
Report phishing in Outlook for Mac
- Open the suspicious message.
- Select Report or the add-in button in the toolbar.
- Choose Phishing.
- Submit the report.
If you do not see a report button, your organization may need to enable the Microsoft report add-in or a third-party security integration.
What Happens After You Report a Phishing Email?
When you submit a suspicious message, Outlook or Microsoft Defender for Office 365 may analyze the email headers, sender reputation, URLs, and attached files.
Depending on the organization’s settings, the message can be moved to a reporting mailbox, sent to Microsoft for analysis, and used to improve automated detection.
For business and education tenants, reports may also feed into:
- Microsoft Defender for Office 365
- Threat Explorer and related investigation tools
- Anti-phishing policies in Microsoft 365
- Tenant-wide sender and domain blocking
In many environments, administrators can review user-submitted phishing reports to determine whether the email should be quarantined, blocked, or removed from other mailboxes.
Should You Delete the Email After Reporting It?
In most cases, yes.
After you report phishing in Outlook, you can delete the message from your inbox and Deleted Items folder if your organization does not require retention.
If you are a security or IT admin, follow your incident response policy before removing evidence.
Keep the email only if you need it for:
- Internal security review
- Law enforcement or compliance requirements
- Proof of user impact or reporting history
If you interacted with the message before realizing it was phishing, take additional steps immediately.
What to Do If You Clicked a Phishing Link?
If you clicked a suspicious link or entered credentials, report it to your IT or security team right away.
Fast action can reduce the risk of account takeover, mailbox rules abuse, OAuth token theft, and lateral movement inside a Microsoft 365 environment.
Follow these steps:
- Disconnect from the email if you are still viewing it.
- Change your password from a trusted device.
- Enable or confirm multifactor authentication (MFA).
- Check for unusual sign-ins in your Microsoft account or Azure AD sign-in logs if you have access.
- Review inbox rules, forwarding settings, and connected apps for unauthorized changes.
If you manage an organization, consider resetting sessions, revoking tokens, and scanning for related messages across user mailboxes.
How to Make Reporting Easier for Users?
Organizations often increase phishing visibility by deploying the Microsoft Report Message or Report Phishing add-in across Microsoft 365.
This gives users a simple, consistent way to submit suspicious messages from Outlook desktop and web clients.
Best practices for administrators include:
- Enabling the report button in Outlook for all supported clients
- Training users to report, not forward, suspicious messages
- Publishing a clear phishing response workflow
- Using Microsoft Defender for Office 365 anti-phishing policies
- Reviewing reported messages regularly to reduce false positives
Good reporting habits also improve your organization’s threat intelligence because Microsoft can correlate user submissions with broader attack campaigns, sender infrastructure, and malicious URLs.
What If the Report Button Is Missing?
If you cannot find a reporting option in Outlook, the feature may be disabled, unavailable for your version, or hidden behind an add-in.
Try these checks:
- Update Outlook to the latest available version
- Look for Report, Report Message, or Report Phishing in the ribbon or message menu
- Ask your administrator whether add-ins are blocked
- Check whether your account is using a consumer Outlook.com mailbox or a Microsoft 365 work account
For organizations, the absence of a report button is usually an admin configuration issue, not a user error.
How to Reduce Phishing Risk in Outlook
Reporting phishing is important, but prevention matters just as much.
Outlook and Microsoft 365 offer several controls that reduce exposure to malicious email.
- Turn on MFA for all users
- Use Microsoft Defender for Office 365 safe links and safe attachments
- Enable external sender labeling where supported
- Block legacy authentication that bypasses modern protections
- Review tenant-wide anti-phishing and spoof protection policies
- Train users to verify requests for passwords, gift cards, payments, and file shares
These measures help stop common attack patterns, including business email compromise, invoice fraud, credential harvesting, and fake Microsoft login pages.
Why Accurate Reporting Matters?
Accurate user reports help security teams prioritize real threats and tune filters for future attacks.
When employees and home users know how to report phishing in Outlook, they become part of the detection process instead of relying only on automated defenses.
That combination of user awareness, Microsoft security controls, and timely investigation is one of the most effective ways to limit the impact of email-based attacks in 2026 and beyond.