This content is viewable by Everyone
How to Request Access
Included with UCSF account.
What is Phish Alarm?
Phish Alarm is a tool that is available to all users at UCSF. With the click of a button, users can report a phishing or malicious message. As described here, the Report Phish button is available for both PC and Mac Outlook clients as well as on Outlook Web Access (email.ucsf.edu) and the Outlook Mobile App.
UCSF IT Staff – See this link for additional technical details regarding the Phish Alarm tool (requires MyAccess login).
Outlook for PC
Outlook for PC has a Report Phish button in the top banner bar of Outlook. This same button will also appear on the top banner when you open any email message from within Outlook.
Outlook for Mac
Outlook for Mac has a Report Phish button in the top banner bar of Outlook. This same button will also appear on the top banner when you open any email message from within Outlook.
Outlook Web Access (email.ucsf.edu)
To report a phish from Outlook on the web, first add the "Report Phish" to your email button banner.
To do this, open any email and click on the upper-right dots "...". A menu will appear.
Select " Customize actions". A page with various applications will appear. Select Report Phish and click Save.
The button will now be in your email button list.
If you don't want to have it in your ribbon, just redo the above steps and uncheck it. You can reenable it when you need it in the future.
Outlook Mobile App
Outlook Mobile App has a Report Phish option within the More Actions menu.
How does it work?
After you report a phish with Phish Alarm, the reported message is sent to our automated security analysis system to be scored. After scoring is complete, you will receive an email notification. If the message was scored as malicious, the automated system will remove that message from your mailbox, and an IT Security Analyst will follow up with you if any additional steps are required.
If you feel that a message is scored incorrectly and actually malicious, open a ticket with the IT Service Desk to have an IT Security Analyst assigned to manually review and ensure the message is safe.
Phish Alarm FAQ
I reported a phish. How long until I know the score?
- Phish Alarm will generally take around 5 to 10 minutes to return a score. You will usually receive an email from [email protected] with the message’s score within 5 to 10 minutes. However, it can take longer depending on system utilization.
I see messages in my Sent folder to @analyzer.securityeducation.com, but I didn’t send them. What is this?
- This is the Phish Alarm tool forwarding a copy of your reported phish to the security analysis tool. Every time you report a phish, you will see a corresponding Sent email to that address.
I reported a phish, but the score came back clean, and I’m not sure that is accurate. What can I do?
- Since this is an automated tool, the analysis may not always "catch" the reason a person may feel that a message is phishing or is malicious. If the score you receive appears to be inaccurate, please open a ticket with the IT Service Desk so that an IT Security Analyst can be assigned to manually review the message in question.
If I use a third-party mail client (such as Thunderbird), where is the Report Phish button?
- Unfortunately, the report-a-phish button is only available in supported versions of Microsoft Outlook (both on Mac and PC). However, it is also available in Outlook Web Access (email.ucsf.edu). If you are primarily using a third-party mail client, when you want to report a phish, simply log into OWA to use Phish Alarm.
Oops, I clicked a phishing link and provided information before I reported it with Phish Alarm. What do I do?
- Please open a ticket with the IT Service Desk as soon as possible so we can assign an IT Security Analyst to help resolve any potential security risk.