Phish Alert Button (PAB)

How to Report Phishing to the Office of Information Security

The Phish Alert Button (PAB), pictured below, will appear in Outlook Desktop and Outlook Mobile.

Phishing is the most common tool used by cybercriminals to steal login credentials, personal information, data, and intellectual property. If you receive a “phishy” email (i.e., an email that demands unexpected quick action, comes from an unknown sender, asks you to supply login credentials or other personal information, etc.), please protect yourself and others at our institution by using the Phish Alert Button (PAB). When you report a phish using the PAB, our office will investigate the threat and take any necessary action, such as removing all similar messages from systems and notifying our community of the threat.

Where to Find the PAB

The appearance of the PAB varies slightly according to the version of Outlook you use. In all versions, the PAB icon appears as an open envelope with an orange fishhook. When there is accompanying text, some versions will read “Phish Alert” while others will say “Report Phish”. Please see below for examples of the icon in various environments.

Don’t have the PAB? Report phishing by sending us an attachment.

Report the phishing message to the Office of Information Security by sending it as an attachment to infosec@wustl.edu. The guidance below provides step-by-step instructions for sending an email as an attachment in the most common desktop clients. Unfortunately, the ability to send an email as an attachment is not available on most mobile clients.