Home / Cyber Security / How to Report a Phishing Email in Outlook and Gmail

How to Report a Phishing Email in Outlook and Gmail

Table of Contents

Knowing how to spot a phishing email is one thing — but knowing how to report it is just as important. When you report a phishing email in Outlook or Gmail, you help block the sender for thousands of other users and give your IT team a heads-up that an attack is in progress. It takes about ten seconds and could protect someone else from falling victim.

Why Reporting Phishing Emails Matters

Every time you hit delete on a phishing email without reporting it, that email keeps circulating. The sender stays active. Other people in your organisation or contact list may receive the same message and not be as alert as you. Reporting sends a signal to your email provider — and if enough people report the same sender, that address gets blocked globally.

For businesses, reporting also creates an audit trail. If your IT team sees a spike in phishing attempts targeting your organisation, they can investigate, warn staff, and take proactive steps before anyone gets caught out.

How to Report a Phishing Email in Microsoft Outlook

Microsoft has built phishing reporting directly into Outlook, both the desktop app and the web version.

Outlook Desktop (Microsoft 365)

  1. Open the phishing email (do not click any links inside it).
  2. In the ribbon at the top, click Report.
  3. Select Report Phishing from the dropdown.
  4. Confirm your selection when prompted.

If you do not see the Report button, your organisation may not have the Microsoft Report Message add-in installed. Ask your IT administrator to enable it, or use the web version of Outlook instead.

Outlook on the Web (outlook.com or Microsoft 365 webmail)

  1. Open the suspicious email.
  2. Click the three-dot menu at the top right of the message.
  3. Select Report, then Report phishing.
  4. The email will be sent to Microsoft for analysis and moved to your Junk folder.

Outlook Mobile (iOS and Android)

  1. Open the email.
  2. Tap the three-dot menu in the top right corner.
  3. Select Report Junk, then choose Phishing.

How to Report a Phishing Email in Gmail

Google also makes phishing reporting straightforward in both the desktop and mobile versions of Gmail.

Gmail on Desktop

  1. Open the phishing email.
  2. Click the three-dot menu at the top right of the email, next to the reply button.
  3. Select Report phishing.
  4. Click Report Phishing Message to confirm.

Gmail will move the message to your Spam folder and submit it to Google for review.

Gmail on Mobile (iOS and Android)

  1. Open the email.
  2. Tap the three-dot menu in the top right corner.
  3. Select Report phishing.

Should You Also Forward the Email to Anyone?

For personal accounts, reporting through Outlook or Gmail is usually enough. For business accounts, you may also want to:

  • Forward to your IT team — so they can investigate and warn colleagues if the attack is targeting your organisation.
  • Forward to the NCSC — the UK’s National Cyber Security Centre accepts phishing emails at [email protected]. This helps them take down malicious sites faster.
  • Report to Action Fraud — if you believe a crime has been committed or financial fraud was attempted, you can report at actionfraud.police.uk.

Reporting the email is still the right first step, but there are additional things you should do immediately. Read our guide on what to do if you clicked a suspicious email link — it walks through exactly how to limit the damage and secure your accounts.

If you are unsure whether an email is genuine, our guide to how to spot a phishing email covers the warning signs to look for before you click anything.

What Happens After You Report a Phishing Email?

When you report a phishing email in Outlook or Gmail, a few things happen automatically:

  • The email is moved to your Junk or Spam folder.
  • A copy is sent to Microsoft or Google for analysis.
  • If the sender is confirmed as malicious, their emails may be blocked for all users of that platform.
  • Malicious websites linked in the email may be added to block lists, preventing others from reaching them.

You will not usually receive a personal response, but your report does contribute to wider protections.

Good Habits to Develop

Reporting phishing is a habit worth building. Any time you receive an email that feels off — unexpected requests for login details, urgent messages about suspended accounts, invoices you did not request — report it rather than just deleting it. It takes ten seconds and could save someone else a serious headache.

For an extra layer of protection on your accounts, consider setting up multi-factor authentication so that even if a phishing attempt does capture your password, attackers still cannot get in.

Sign Up For Daily Newsletter

Stay updated with our weekly newsletter. Subscribe now to never miss an update!

[mc4wp_form]

Related Posts

How to Tell If Your Computer Has a Virus
What Is a Data Breach? What It Means and What to Do
What to Do If You Think You Have Been Hacked

Leave a Reply

Your email address will not be published. Required fields are marked *