How to Report a Phishing Email in

A little caution goes a long way when viewing suspicious emails

Bank Card on a hook
Peter Dazeley/Getty Images

A phishing scam is an email that looks legitimate but is an attempt to get your personal information. It tries to fool you into believing it is from a reputable company that needs some personal details—your account number, username, PIN code, or password, for example. If you supply any of this information, you may inadvertently give a hacker access to your bank account, credit card information, or website passwords. If you recognize it for the threat that it is, don't click anything in the email, and report it to Microsoft to make sure the same email doesn't deceive other recipients.

In, you can report phishing emails and have the team take action to protect you and other users from them.

Report a Phishing Email in

To report to Microsoft that you received an message that tries to trick readers into revealing personal details, usernames, passwords, or financial and other sensitive information:

  1. Open the phishing email you want to report in

  2. Click the down arrow next to Junk in the toolbar.

  3. Select Phishing scam from the drop-down menu that appears.

    Phishing submenu in Junk Mail menu on

If you receive phishing email from a person's email address that you would normally trust and suspect their account has been hacked, select My friend's been hacked! from the drop-down menu. You can also report spam that is not phishing—only annoying—by selecting Junk from the drop-down menu. 

Marking a message as phishing doesn't prevent additional emails from that sender. To do that, you have to block the sender, which you do by adding the sender to your blocked senders list

How to Protect Yourself From Phishing Scams

Reputable businesses, banks, websites, and other entities won't ask you to submit your personal information online. If you receive such a request, and you aren't sure whether it is legitimate, contact the sender by phone to see if the company sent the email. Some phishing attempts are amateurish and filled with broken grammar and misspellings, so they are easy to spot. However, some contain near-identical copies of familiar websites—such as your bank's—to lull you into complying with the request for information.

Common sense safety steps include:

  • Don't reply to an email that asks you for any personal information.
  • Don't open or download any files attached to a suspicious email.
  • Don't click any of the links that appear in the email.
  • Search the web for the email subject line. If it is a hoax, other people may have reported it.

Be particularly suspicious of emails with subject lines and content that include:

  • A request to verify your account immediately or the sender will close it
  • An offer of a large sum of money in exchange for your account information
  • An announcement that you're the big winner in a lottery you don't remember entering
  • A request for emergency financial help from a friend who is supposedly on vacation
  • A threat of bad luck if you don't reply
  • A notification that your credit card has been hacked
  • A request to forward the email to receive $500

Abuse Is Not the Same As Phishing

As damaging and risky as falling for a phishing email is, it isn't the same as abuse. If someone you know is harassing you or if you are being threatened via email, call your local law enforcement agency immediately. 

If someone sends you child pornography or child exploitation images, impersonates you, or attempts to involve you in any other illegal activity, forward the entire email as an attachment to Include information on how many times you've received messages from the sender and your relationship (if any).

Microsoft maintains a Safety and Security website with lots of information about protecting your privacy online. It is filled with information on how to protect your reputation and your money on the internet, along with advice on using caution when forming online relationships.