Phishing and Spam Emails


  • Phishing emails are fraudulent attempts to obtain sensitive information (like user credentials). Entering information through a phishing email or website can lead to identity theft and compromised accounts. Phishing emails can also contain viruses or other unwanted software.
  • Targeting specific people, groups or departments is known as spear phishing. The messages may be tailored to a specific job function or spoof a known colleague or supervisor.

Phish Alert Button

  • If you are using the new version of Outlook available through Microsoft 365, you should now have a "Report to OU IT" Phish Alert button at the top of your Home ribbon. Use of the button is encouraged for any emails you believe are potentially suspect. Our security team will review the email in question and you should receive a response through your email once their work is complete.

    • In Outlook: Outlook Phishing menu icon

      • For Mac: If you do not see the Phish Alert button, you can click the ellipsis, then select Customize Toolbar. You'll now see the current icons at the top of the screen, to add Phish Alert, locate the button and click drag it to the top toolbar. Click Done when finished.

    • In Outlook Online, you will see the icon pictured above in the preview pane. If you open the email in a new window, look for the "Report" button, then select "Report Phish".
      • You may also set the Phish Alert button to appear on your mail by default. To begin, click the settings Gear icon in the upper right corner, then select View all Outlook settings. On the Mail tab, select Customize actions, scroll down and check the box for Phish Alert and then hit Save. Finally click to exit from the Settings popup window. The Phish Alert button should now be an available button on your mail if you wish to click and report it to OU IT.


Safety Tips

  • Only use your email address for University business, not personal business such as banking, online purchases, social media, etc.
  • OU IT will NEVER ask for your log in information via email.
  • Financial institutions will NEVER ask for your information through email. If you receive an email from them soliciting information, call them directly or visit their website through your browser (do not click any links in the email).
  • Attempt to call and verify with the sender. Especially if you receive an email with an attachment you were not expecting. Be cautious of attachments.
  • Be sure to check the sender’s address –  if expecting an OU address be sure that it is a valid email address.
  • Be careful when giving personal information.
  • Always check the web address and make sure it is correct.
  • Be aware that websites beginning with “http” are not encrypting your information, while those beginning with “https” are encrypting it.
  • Investigate the validity of a website if you receive a security warning through your browser.
  • Use free, downloadable phishing filters, which can help recognize whether or not you are visiting a legitimate website.
  • Change your password immediately if you have accidentally responded to a phishing email. You can change your OUNet ID password by visiting – and see when it was last changed.
  • If you receive an email asking you to purchase a gift card or something similar, always call the sender and verify that they really sent it.
  • Be alert when reading emails, especially when information is requested.


Awareness and Training

Human Firewall comes from the idea that security is not just a technology issue but rather a people and process issue. Cybercriminals are increasingly using people-centered attacks that rely on social engineering and human interaction - "the human factor" - the instincts of curiosity and trust that lead the unaware user to click on fake websites, download and install malware, move funds to fraudulent accounts, and more.

The Human Firewall program engages end-users by using the KnowBe4 training tools to focus attention on cybersecurity and help build digital self-defense skills through real-world scenarios.  This includes understanding what these attacks look like. Faculty, Staff, and students are all sent phishing simulations to help users recognize red flags more quickly through purposeful repetition. When you suspect a phishing attempt, use the Phish Alert Button in Outlook. This warns the OU IT security team of possible phishing attacks and malicious emails. 

Everyone is responsible for cybersecurity, making formal training and awareness programs a foundational component of any Cybersecurity Program.

  1. All OU Staff, Faculty, and Students must complete annual Phishing Awareness training.
  2. All OU Staff, Faculty, and Students that fail a scheduled OU IT phishing simulation must complete additional required Social Engineering Awareness training.
  3. OU Staff, Faculty, or Students found to violate University Information Security Policy must complete required Information Security training to be named at the time of Incident and commensurate with the Incident type.



  • More than 90% of the e-mail messages sent to campus are spam. OU IT blocks about 85% of all messages as spam. However, we cannot block all spam at a campus-wide level without increasing “false positives” (legitimate messages that get tagged as spam).
  • Attempt to unsubscribe from newsletters and advertisements to clear up your inbox.



Not all unwanted emails are spam or phishing attempts. Occasionally, you may receive emails from vendors advertising their products. These can typically be unsubscribed from at the bottom of the email. As always, make sure the vendor is legitimate before clicking any link within an email.


Junk Mail

You can use the junk mail settings in Outlook to further control who can or cannot send you emails. Select an email in your inbox, go to Junk at the top of the application, and then select Junk or Block Sender.



OU IT has implemented an email security gateway – Proofpoint – to help improve email security and protect users from spam and phishing emails.

The Proofpoint Messaging Security Gateway is an application that provides spam, virus, and content policy infrastructure to OU’s email applications. All incoming email is inspected by the Proofpoint Messaging Security Gateway as soon as it arrives at our campus. Messages that contain a virus, spam, or inappropriate content are sent to a Quarantine area.

For more information, see this article.


Service Alerts

Check Alerts Subscribe

Can't find what you're looking for?

Contact Us


Article ID: 231
Sun 9/6/20 2:33 PM
Thu 2/8/24 10:41 AM