EOTSS Security Operations Center
The Details of How to Report a Phishing Email
What you need for How to Report a Phishing Email
The Commonwealth has been, and will continue to be, a target of phishing schemes and other web-based scams. It is incumbent upon us to remain vigilant.
Please follow the steps listed below if you have reason to believe you received a phishing email.
How to report How to Report a Phishing Email
You are no longer required to manually forward suspect messages to the EOTSS SOC. Per EOTSS’s new incident reporting processes, the PAB should now be the primary method by which you report suspected malicious messages.
The PAB icon should be visible in the Outlook ribbon at the top of your screen.
When viewing a suspected message, click the PAB to the initiate the reporting process.
You will now have the option to classify the message as either PHISH/SUSPICIOUS, SPAM, or UNKNOWN and enter comments up to 360 characters in length (optional).
After classifying the suspect message and entering your comments, click the PHISH ALERT button.
After clicking the PHISH ALERT button you will receive a confirmation popup that the suspect message was successfully reported to the EOTSS SOC.
Next steps for How to Report a Phishing Email
In most cases, phishing emails can be deleted and ignored once appropriately reported. However, if you've interacted with a phishing email, such as clicked on a link or provided sensitive information in response, please reach out to the EOTSS Security Operations Center to discuss next steps.