Report a Phishing Scam

If you receive a suspicious or questionable email, try to verify its legitimacy. If you can’t verify the email or if you suspect that it’s a phishing scam, report it.

Step 1: Verify

You can attempt to verify an email’s content by contacting through a separate channel

  • the IT support center
  • the alleged sender of the email
  • your unit’s IT Professional.

You can also verify information by comparing it to known legitimate sources such as official Web sites or publications. For example, major University of Delaware news is likely to be featured on UDaily, and email about a major event could be verified by finding a UDaily story corroborating the information.

Step 2: Report

If you can’t verify the email’s sender or information or if you suspect that it’s a phishing attempt, report it.

When reporting a phishing scam, include the complete headers and, when possible, the original source text of the message. Most email readers do not display this information automatically. While viewing the alleged phishing scam, look for an option labelled something like the following:

  • Full headers (Pine)
  • Internet Headers (Outlook)
  • Message Source (Thunderbird)
  • Open (a link at the top of the screen while reading email using Mirapoint–UD WebMail)
  • Raw source (MacOS X mail)
  • Show original ( and
  • The IT Support Center offers these links for more information on finding the full headers of a message in several different email programs:

You are a target. Information security is everyone’s responsibility.