California State University, Sacramento

Based on real user feedback and statistics, no longer supports Microsoft’s Internet Explorer browser. Please upgrade your browser to improve your experience.

Skip to Main Content

Information Security Information Resources & Technology

Support Page Content

Report Phishing

Received something suspicious and confirmed that it appears, well, phishy? Now comes the important part - reporting it so the IRT Information Security Team can do some detective work to protect you and our campus community.

Here are the official ways to report a phishing attempt:

  1. Email the suspicious message as an attachment to
    • Open a new email message
    • Drag and drop the suspicious message into the body of the new message
    • Add a subject line and click send
    • Delete the message

  2. Click the "PhishMe Reporter" button in your Outlook menu.

How do I use the PhishMe Reporter button?

There's an even easier way to report phishing attacks - by clicking the built-in reporting button on your Outlook menu (look for the fish icon - pictured, right). The Cofense PhishMe Reporter button is from the same company we use to test our campus' cyberawareness with phishing drills, and it works very simply across a number of Outlook instances on your devices. Receive a suspicious message? Simply click the Cofense PhishMe Reporter button, and a report is automatically generated to our Information Security Team. Not only is it easier for you to use, the tool provides useful campus analytics to support future prevention strategies. Depending upon which instance or device(s) you access Outlook (mobile, Windows, Mac, and Microsoft 365), the location and experience using the PhishMe Reporter button may vary — see what it will look like.

Oops! I clicked a link or provided information - now what?

If you've clicked something in a phishing message and/or provided any credentials, we recommend you change your password immediately, and then contact the IRT Service Desk Team at or 916-278-7337.

Cofense Phishing Plugin for Outlook Logo

Fresh Phish: Beware of These Current Phishing Scams

Here's a list of current (and some ongoing) phishing attacks against campus accounts. We'll keep this list updated often, so check back whenever you wonder whether a new, widespread scam may be occurring.

  1. Fake Job Opportunity | September 2020
    View the campus SacSend on the "fake job opportunity" phishing attempts.
  2. IRS Tax Scams
    View the campus SacSend on IRS Tax Scams for more information, and refer to the IRS's Taxpayer Guide to Identity Theft. You can report directly to the IRS at
  3. COVID-19 Stimulus Payment Scams
    The IRS offers sound advice on how to not be fooled by the surge in COVID-19 stimulus payment scams, and the National Cybersecurity Alliance posted a handy tip sheet full of practical advice and contact numbers for tax scams and phishing attacks relating to COVID-19.
  4. Microsoft 365
    View the campus SacSend article on Microsoft 365 phishing for more information.
  5. Part-Time Job
    View the campus SacSend on Part-Time Job phishing for more information.
  6. Fake Voicemail Attachment
    A phishing email is circulating that mimics what our voicemail attachments look like. Instead of the usual .WAV file, it's an .htm file. If you click on the link, it takes you to a web page that asks for login information. The safest way to check your voicemail is to call the campus voicemail system at 916-278-4455, enter your full seven digit phone number (916-278-xxxx), then your voicemail password.