Reporting a Phishing Email

If you receive an email that you suspect is a phish and would like to report it to the ITS security team, please forward the email, including all header information, to ITS may be able to use the information in the email to block or mitigate that or similar phishing campaigns. Additionally, if the phishing email purports to be from a specific company, you may wish to report it to that company’s security or customer service teams, though be sure to find an email address published somewhere other than in the phish email.

Forwarding Phishing Email to ITS Security

The header of an email, which includes information about the email itself, the sender, and the servers through which the email passed, is not displayed or forwarded by default in most email clients, which makes properly reporting a phish slightly more difficult than simply pressing “forward”.

The exact method of forwarding an email with its complete header information varies between email clients. In general, you will need to open and copy the email’s header information, then paste that information into the message before forwarding it to the ITS security team. Instructions for doing this in Gmail and the Outlook Web Access client are below; for information on forwarding an email with its complete header information from your specific email client, see

Forwarding emails and headers from Gmail:

1. Open the suspected phishing email, but be careful not to follow any links or download any attachments contained in the message.

2. Click the down arrow next to the Reply button in the upper right-hand corner of the email window. From the drop-down menu that appears, click Show original. This will open a new window showing the email as a text document, with all the header information, links, and HTML markup visible.

3. Highlight and copy everything in this window. Go back to the original message, and click the Forward button. Paste the information into the top of the message, and send the email to

NOTE: Gmail also has a Report phishing option, found in the same drop down menu used above. Clicking this will alert the Gmail abuse team to the phish. Feel free to use this option in addition to forwarding the message to the ITS security team.

Forwarding emails and headers from Outlook Web Access:

1. Double-click the suspected phishing email to open it, but be careful not to follow any links or download any attachments contained in the message.

2. Next to the Forward button, click the icon that looks like three dots in a row (…). From the More actions menu that appears, click View message details.

3. A popup window will appear showing the complete header information. Highlight and copy this information, then close the popup window to go back to the original message.

4. Click the Forward button, paste the header information into the top of the email, and send it to

What To Do If You’ve Been Phished

Phishing emails are designed to trick users into opening attachments or navigating to specially designed pages in order to download malware onto your machine or gather login or other personal information. If you believe that you were phished, you should take several steps as soon as possible:

  • Change the password to the online account the phishing email was pretending to be from and to any other accounts that used the same login information.
  • Run a virus scan of your system using your anti-virus software. Sophos Endpoint Security is available, for free, to all USC students, faculty, and staff.
  • Forward the phishing email to
  • Regularly check your banking or credit card accounts for any unauthorized transactions that may have been initiated by the phishers.

For More Information

For more information about phishing, see the ITS Phishing Overview page.