Reporting Cyber Threats

If you receive an email that you suspect to be spam, or suspect may be an attempt to spoof or phish your account, it is extremely important that you report this to the NHSmail helpdesk.

You will NEVER legitimately be asked to provide your NHSmail credentials to anyone. Do not respond to or follow any links within an email that asks you for your login details. If you receive an email asking you for your NHSmail account credentials please report it following the instructions below. If you have responded in any way to any such email please contact your Local IT service desk immediately and report it to them in the first instance. They will be able to provide initial support and advice on further actions, such as password changes.

To report suspicious emails, users have two options:

  1. Use the Trend Micro Phishing Reporting Tool
  2. Follow the guidance below to provide a copy of the message in a suitable format to the SpamReports mailbox

In order for the service to efficiently process your spam report please ensure that you have attached a copy of the offending email in .eml or .msg format. This must be attached directly from your mailbox (not from a forward or copy). The guidelines below explain how to do this and report it to:

If you choose to simply mark an email as junk in Outlook, the sender’s emails will no longer arrive in your inbox but the threat will not have been reported to the NHSmail service and may still affect other users.

If you have already attached a copy of the spam mail in the correct format, and it has been taken directly from the recipient’s mailbox, then it will be uploaded to the spam filters for blocking. Please allow up to 48 hours for this blocking process to take effect. No further correspondence will be required.


Reporting threats with Microsoft Outlook

Forward the email to as an attachment for virus analysis and central trend monitoring:

  1.  Select the suspect email from your email list
  2.  In the Outlook ribbon in the respond area, select ‘More’ and then select ‘Forward as Attachment’.
  3.  In the email window that opens add as the recipient in the ‘To field’.
  4.  Click Send.


Reporting threats with Outlook Web App (OWA)

Follow the instructions below to save a copy of the email you suspect is spam in Outlook Web App (

  1. Click on the Spam Email in the reading pane to select it
  2.  Click on the New mail icon in the top left of the screen
  3.  Drag and drop the spam email from the email list into the body of the new blank email
  4.  Type into the To: field
  5.  Enter the appropriate subject text a. Note: It is recommended that you use spam, phishing or malicious depending on the type of email you are reporting
  6.  Click Send

How to report junk or phishing emails via OWA

You can report Phishing or Junk emails via OWA to report spam and phishing messages:

  1. Select the message from Inbox
  2. Click on Junk and then select Junk or Phishing from the drop-down menu


The selected messages will be sent to Microsoft for analysis. For more information please see guidance from Microsoft here.

Last Reviewed Date 5/7/2021
Updated on 28/06/2022

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top