Office 365: Reporting a Phish using the Phish Alarm Button
Frequently Asked Questions:
- Outlook Desktop Client (Windows & Mac)
- Outlook on the Web (OWA)
Users of Duke's Exchange Online system can report suspicious emails to OIT and the Duke IT Security Offices with one click of a button. This is the Phish Alarm button which is part of our Proofpoint mail system. The button is part of the Proofpoint service (https://oit.duke.edu/what-we-do/applications/proofpoint), already in use at Duke for protecting accounts against malicious links and attachments in emails.
The IT Security Offices and OIT are encouraging users to use the new “Phish Alarm” button to report any suspicious email instead of submitting a ticket or emailing the email@example.com list.
The new “Phish Alarm” button is available in all recent Outlook email clients (Outlook 2013, Outlook 2016, Outlook 2016 (Mac), Outlook Web Access (OWA), Outlook Mobile App (Android and iPhone)). The button looks generally like the icon below (it may not include the words PhishAlarm). Mobile devices do not use Outlook as their native client and therefore are not able to support the PhishAlarm button. Outlook can be installed through the Apple App Store or through the Google Play Store.
After clicking the button you are prompted to confirm the report of the suspicious message. Once confirmed, PhishAlarm will acknowledge your submission, and then send a copy of the email (including email header and content) to Proofpoint's Phish Alarm Analyzer and the Duke Security Offices for review and action. Any message determined to be a phish will be removed from the your mailbox. The system will also remove any copies of this message you have forwarded to others, and if the message was sent to a distribution list it will be removed from the mailbox of all members of the recipient group. The dialog boxes displayed look as follows:
Generally speaking the button will be found on the ribbon of the client. See the screen captures below for information on your particular client. If you are unable to find the button in your client, check to ensure the Add-In is installed
The button can be found on the right side of the ribbon of the client.
Within the message view window the button is in the same location:
If the button is missing, please restart the Outlook application. It should return.
You can find the button in Outlook on the Web in a couple of places depending on your settings.
If you've added the PhishAlarm button to the message surface you will find the icon in the message view ribbon. The image below shows the dialog when you hover over the icon:
If the button is missing from the expected location, click on the waffle icon to the right of the Reply, Reply All, and Forward buttons. The icon will be present there.
If you cannot locate the Waffle icon, please zoom out in your browser window - it will appear.
It is recommended that you download the Outlook app instead of using OWA via a mobile browser.
NOTE: Using a mobile browser no longer appears to be supported by Microsoft. Please use the Outlook app for Apple and Andoid devices.
Click on the Settings Gear, and then type in "Surface" in the search box. Click on "Message Surface"
You can also go to the main outlook settings and find this section under Mail -> Customize actions.
In the Message Surface section, find the check box for "Report Phish" that contains the appropriate icon, and select the checkbox. Click Save at the top, then close out the windows to go back to outlook web app.
In both Outlook for Android and Outlook for iOS the button can be found in the same manner. When previewing a message, click on the 3 dots on the right side of the message, and then click on the "Report Phish" button:
The instructions below are to add the button using OWA accessed via you can follow the same basic process within Outlook by using the "Get Add-ins" button.
- Look in the "More Actions" section represented by the ... on the top right corner of the message. Click on the three dots (...) then click on the "Get Add-ins" option towards the bottom.
- Next, navigate to the "Admin Managed" menu on the left, and select it.
- Scroll down and look for the "Report Phish" or "Report Phish to Duke" Add-in.
- If there is a button with the word "Add" available, click Add to install the add-in. If the word "Added" already appears then the button is already install in your client.
Article number: KB0031840
Valid to: February 21, 2025