Phishing is the primary method cybercriminals use to hack into target systems, steal sensitive data, and launch ransomware attacks. These fraudulent emails often impersonate trusted people or organizations or create a false sense of urgency to trick people into clicking malicious links, downloading harmful attachments, or revealing login credentials.
While it may be tempting to simply delete a suspicious email or mark it as spam, doing so doesn’t help protect others. Instead, we need everyone at Carleton to take an extra step: report phishing using Gmail’s “Report phishing” feature.
When you report phishing through Gmail, you:
✅ Help Google improve its phishing detection. Reporting phishing trains Gmail’s security filters, making it harder for attackers to reach inboxes across campus.
✅ Alert IT immediately. Our InfoSec team receives a notification and can take action, such as removing the phishing email from other inboxes, blocking the sender, and alerting those who may have interacted with it.
✅ Help prevent cyberattacks. Your quick action can stop an attack before it spreads, protecting campus data, systems, and users.
AI is Making It Harder to Detect Phishing
Cybercriminals are now leveraging AI to craft phishing emails that are more convincing than ever. In the past, phishing messages were often easily recognized because of poor spelling, grammar, and formatting. Now, AI-generated phishing emails are well-written and more personalized. As a result, traditional red flags are becoming less reliable.
Instead of looking for obvious mistakes, focus on context:
- Is this message intended for me? Does it reference something specific to my role or responsibilities?
- Is this a message I was expecting? Does it align with previous conversations or known processes?
- Do I know this sender? Even if the name looks familiar, verify the email address and be cautious of unexpected messages.
How to Report Phishing in Gmail
It’s simple and only takes a few seconds:
- Open the message, but don’t interact with it. Don’t click any links or open any attachments.
- Click the three-dot menu in the upper-right corner of the email.
- Select “Report phishing.”
That’s it. Gmail will remove the email from your inbox and notify Google’s and Carleton’s security teams.
What Not to Do
🚫 Do NOT just delete the email. This removes it from your inbox but does nothing to help others.
🚫 Do NOT mark it as spam. Spam filtering is different from phishing detection. Marking phishing as spam only affects your inbox and doesn’t alert IT.
Your Actions Keep Carleton Safe
Phishing attacks are a threat to everyone on campus. But by reporting phishing emails instead of ignoring or deleting them, you play an active role in protecting our community. It’s a simple but powerful way we all work together to keep Carleton’s data and systems secure.
If you ever have questions about a suspicious email, contact the IT Helpdesk or InfoSec team before taking action. Let’s stay vigilant and keep Carleton safe!
For more info on how to report phishing check out this 1-minute video.