Information Technology Services
Information Technology Services

Phishing Reporting and Removal Procedure


When you receive an email that is deemed to be phishing, ITS requests that you forward the message with a subject line of "Phish" to This account is monitored by ITS for reports on phishing as well as other email abuse. When a phishing message is reported, ITS checks the email system to determine of the message meets the criteria for removal and notification to the campus.

Criteria for Removal (must be true):

  • Attempting to steal Queen’s Netid/Passwords


Criteria for Removal (at least one must be true):

  • Impersonating a member of Queen’s Administration

  • Impersonating ITS

  • Wide Spread delivery > 1000 messages

Dropping of Messages

In Office 365, a block is created so users are unable to pass the malicious message between accounts or to external sources (forwarding) as well as blocking the receiving of further messages, this is done as quickly as possible and can prevent a second wave of emails from reaching mailboxes. Users are still able to send message to and iTrack for reporting purposes.

Phishing Removal

If the message meets the criteria, they are removed programmatically using Microsoft Security and Compliance tool from all Office 365 mailboxes. If the phishing message came from an external email, the URL within the message can also be marked as malicious in ATP Safe Links, further protecting accounts that forward their email to external sources. ITS will post a notice on the ITS website whenever a phishing message is removed.

What can you do?

Report the Phishing message to with a subject of "Phish" and send the message to your Junk E-mail folder. If you entered your user name or password into the phishing website, immediately change your password via

Last Updated: June 5, 2017