What is Phish Alarm?
Phish Alarm is a tool that is available to all users at UCSF. With the click of a button, users can report a phishing or malicious message. As described here, the Report Phish button is available for both PC and Mac Outlook clients as well as on Outlook Web Access (email.ucsf.edu).
UCSF IT Staff – See this link for additional technical details regarding the Phish Alarm tool (requires MyAccess login).
Outlook for PC
Outlook for PC has a Report Phish button in the top banner bar of Outlook. This same button will also appear on the top banner when you open any email message from within Outlook.
Outlook for Mac
Outlook for Mac has a Report Phish button in the top banner bar of Outlook. This same button will also appear on the top banner when you open any email message from within Outlook.
Outlook Web Access (email.ucsf.edu)
Outlook Web Access has a Report Phish option within the More Actions menu.
How does it work?
After you report a phish with Phish Alarm, the reported message is sent to our automated security analysis system to be scored. After scoring is complete, you will receive an email notification. If the message was scored as malicious, the automated system will remove that message from your mailbox, and an IT Security Analyst will follow up with you if any additional steps are required.
If you feel that a message was scored incorrectly and is actually malicious, open a ticket with the IT Service Desk to have an IT Security Analyst assigned to manually review it and ensure the message is safe.
Main phone: 415-514-4100
Phish Alarm FAQ
I reported a phish. How long until I know the score?
- Phish Alarm generally takes around 5 to 10 minutes to return a score. You will receive the message’s score in an email from donotreply_Proofpoint@ucsf.edu. However, it can take longer depending on system utilization.
I see messages in my Sent folder to @analyzer.securityeducation.com, but I didn’t send them. What is this?
- This is the Phish Alarm tool forwarding a copy of your reported phish to the security analysis tool. Every time you report a phish, you will see a corresponding Sent email to that address.
I reported a phish, but the score came back clean, and I’m not sure that is accurate. What can I do?
- Since this is an automated tool, the analysis may not always "catch" the reason a person may feel that a message is phishing or is malicious. If the score you receive appears to be inaccurate, please open a ticket with the IT Service Desk so that an IT Security Analyst can be assigned to manually review the message in question.
If I use a third-party mail client (such as Thunderbird), where is the Report Phish button?
- Unfortunately, the Report Phish button is only available in supported versions of Microsoft Outlook (on both Mac and PC) and in Outlook Web Access (email.ucsf.edu). If you primarily use a third-party mail client, log into OWA whenever you want to report a phish with Phish Alarm.
Oops, I clicked a phishing link and provided information before I reported it with Phish Alarm. What do I do?
- Please open a ticket with the IT Service Desk as soon as possible so we can assign an IT Security Analyst to help resolve any potential security risk.
I use OWA all the time, but getting to that Report Phish button requires a lot of clicks! Any way to make a shortcut?
- You can make a shortcut to the Report Phish button in OWA so that it appears in the quick action bar of any email. To do this, follow the instructions below or call the IT Service Desk at 415-514-4100 for assistance.
  1. Log into OWA (email.ucsf.edu).
  2. Click the settings (gear) icon in the top right corner.
  3. At the very bottom of the settings pane, click View all Outlook settings.
  4. In the left menu, choose Mail.
  5. In the secondary menu, choose Customize actions.
  6. Scroll down to Message surface.
  7. Select the checkbox for Report Phish. This will add the Report Phish button to all of your emails to allow a single-click report.