What is Phish Alarm?

Phish Alarm is a tool that is available to all users at UCSF. With the click of a button, users can report a phishing or malicious message. As described here, the Report Phish button is available for both PC and Mac Outlook clients as well as on Outlook Web Access (email.ucsf.edu) and the Outlook Mobile App.

Even if you think an email might be a phish, report it and find out almost instantly in most cases. Overreporting is never an issue! All of the reporting information helps UCSF analyze, detect, and reduce risk.

UCSF IT Staff – See this link for additional technical details regarding the Phish Alarm tool (requires MyAccess login).

Outlook for PC

Outlook for PC has a Report Phish button in the top banner bar of Outlook. This same button will also appear on the top banner when you open any email message from within Outlook. If you do not see the Report Phish button, please see Where in the World Are My Report Phish and Staffbase Add-ins? | UCSF IT.

Outlook for Mac

Outlook for Mac has a Report Phish button in the top banner bar of Outlook. This same button will also appear on the top banner when you open any email message from within Outlook. If you do not see the Report Phish button, please see Where in the World Are My Report Phish and Staffbase Add-ins? | UCSF IT.

Outlook Web Access (email.ucsf.edu)

To report a phish from Outlook on the web, first add the "Report Phish" to your email button banner.

To do this, open any email and click on the upper-right dots "...".  A menu will appear.

Select " Customize actions". A page with various applications will appear. Select Report Phish and click Save.

The button will now be in your email button list.

If you don't want to have it in your ribbon, just redo the above steps and uncheck it. You can reenable it when you need it in the future.

If after you added it, you cannot see it, click on the upper-right dots "..." in the email.  Click on the Apps button and then Phish Alarm. Sometimes it is displaced by other content.

Outlook Mobile App

Outlook Mobile App has a Report Phish option within the More Actions menu.

How does it work?

After you report a phish with Phish Alarm, the reported message is sent to our automated security analysis system to be scored. After scoring is complete, you will receive an email notification. If the message was scored as malicious, the automated system will remove that message from your mailbox, and an IT Security Analyst will follow up with you if any additional steps are required.

If you feel that a message is scored incorrectly and actually malicious, open a ticket with the IT Service Desk to have an IT Security Analyst assigned to manually review and ensure the message is safe.

Online: https://ucsf.service-now.com/ess/ 
Main phone: 415-514-4100
Email: [email protected]

Phish Alarm FAQ

I reported a phish. How long until I know the score?

• Phish Alarm will generally take around 5 to 10 minutes to return a score. You will usually receive an email from [email protected] with the message’s score within 5 to 10 minutes. However, it can take longer depending on system utilization.

I see messages in my Sent folder to @analyzer.securityeducation.com, but I didn’t send them. What is this?

• This is the Phish Alarm tool forwarding a copy of your reported phish to the security analysis tool. Every time you report a phish, you will see a corresponding Sent email to that address.

I reported a phish, but the score came back clean, and I’m not sure that is accurate. What can I do?

• Since this is an automated tool, the analysis may not always "catch" the reason a person may feel that a message is phishing or is malicious. If the score you receive appears to be inaccurate, please open a ticket with the IT Service Desk so that an IT Security Analyst can be assigned to manually review the message in question.

If I use a third-party mail client (such as Thunderbird), where is the Report Phish button?

• Unfortunately, the report-a-phish button is only available in supported versions of Microsoft Outlook (both on Mac and PC). However, it is also available in Outlook Web Access (email.ucsf.edu). If you are primarily using a third-party mail client, when you want to report a phish, simply log into OWA to use Phish Alarm. 

Oops, I clicked a phishing link and provided information before I reported it with Phish Alarm. What do I do?

• Please open a ticket with the IT Service Desk as soon as possible so we can assign an IT Security Analyst to help resolve any potential security risk.