An email’s header includes information about the email itself, the sender, and the servers through which the email passed. Most email clients do not display or forward the header by default, which makes properly reporting a phish slightly more difficult than simply pressing “forward”.
The exact method of forwarding an email with its complete header information varies between email clients. In general, you will need to open and copy the email’s header information, then paste that information into the message before forwarding it to the ITS security team. Instructions for doing this from the web-based Gmail client in Google Apps at USC (Students) and the Outlook Web App client in Microsoft Office 365 (Faculty and Staff) are below; for information on forwarding an email with its complete header information from other email clients, see www.haltabuse.org/help/headers.
Forwarding emails and headers from Gmail (Google Apps at USC)
- Open the suspected phishing email, but be careful not to follow any links or download any attachments contained in the message.
- Click the down arrow next to the Reply button in the upper right-hand corner of the email window.
- From the drop-down menu that appears, click Show original. This will open a new window showing the email as a text document, with all the header information, links, and HTML markup visible.
- Highlight and copy everything in this window.
- Go back to the original message, and click the Forward button.
- Paste the information into the top of the message, and send the email to email@example.com.
NOTE: Gmail also has a Report phishing option, found in the same drop-down menu used above. Clicking this will alert the Gmail abuse team to the phish. Feel free to use this option in addition to forwarding the message to the ITS security team.
Forwarding emails and headers from the Outlook Web App (Microsoft Office 365)
- Double-click the suspected phishing email to open it, but be careful not to follow any links or download any attachments contained in the message.
- Next to the Forward button, click the icon that looks like three dots in a row (…).
- From the More actions menu that appears, click View message details.
- A popup window will appear showing the complete header information. Highlight and copy this information, then close the popup window to go back to the original message.
- Click the Forward button, paste the header information into the top of the email, and send it to firstname.lastname@example.org.
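To show why the pasted header text matters to whoever receives the report, the following added example (not part of the original instructions, and not a tool used by the ITS security team) reads the sender fields and the server-to-server path out of a copied header. The header text, host names and addresses are constructed for illustration, and the function name summarize_headers is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of the text that "Show original" or "View message details"
# displays. Every host, address and id below is made up for this example.
SAMPLE_HEADERS = """\
Received: by mx.recipient.example with SMTP id abc123;
 Mon, 01 Jan 2024 10:00:05 -0800 (PST)
Received: from relay.mailer.example (relay.mailer.example [203.0.113.25])
 by mx.recipient.example with ESMTP id def456;
 Mon, 01 Jan 2024 10:00:03 -0800 (PST)
Received: from workstation.local ([198.51.100.7])
 by relay.mailer.example with ESMTPSA id ghi789;
 Mon, 01 Jan 2024 18:00:01 +0000
From: "IT Help Desk" <helpdesk@lookalike.example>
Reply-To: collector@other.example
Return-Path: <bounce@mailer.example>
Subject: Action required: verify your account
Message-ID: <constructed-1@mailer.example>

"""

def summarize_headers(raw):
    """Return the sender fields and the relay path, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server adds its Received line on top, so reverse to get travel order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", flat)
        receiver = re.search(r"\bby\s+(\S+)", flat)
        hops.append((sender.group(1) if sender else None,
                     receiver.group(1) if receiver else None))
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1],
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
        "hops": hops,
    }

if __name__ == "__main__":
    summary = summarize_headers(SAMPLE_HEADERS)
    print("From:", summary["from"], "| Reply-To:", summary["reply_to"])
    for number, (src, dst) in enumerate(summary["hops"], start=1):
        print(f"hop {number}: {src or '(not stated)'} -> {dst}")
```

None of these fields survive a plain forward, which carries only the visible message body.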