Using the built-in phishing report buttons in Outlook and Gmail helps improve future detection within those systems. But Microsoft’s reporting goes a step further— it doesn't stop with just moving the email to your spam/junk folder. Reports flow directly into Microsoft Defender, where security teams can analyze patterns, automate responses, and protect others more quickly.

Encouraging use of these built-in tools also simplifies the reporting process. Most people can easily locate the built-in reporting options in their email toolbar—whether on a desktop, in a browser, or on a mobile device—making it faster and more intuitive to flag suspicious messages.

Within the first month of promoting these tools, the IT Security Office saw clear results. In one 24-hours period, over 600 reports were submitted through the built-in buttons.

Behind the scenes, The IT Security Office has begun integrating phishing report analytics directly into the alerts dashboard used by the security team. This tighter integration allows Cornell security engineers to monitor shifts in activity and respond to emerging threats without switching between tools or interfaces.

As one security engineer explained, the system works best with community participation: “We rely on people across Cornell to let us know when something doesn’t look right. Every report helps strengthen our defenses.”

Reminder: PhishAlarm retires May 29, 2026. Identify and use the built-in tools to build familiarity before the PhishAlarm option disappears.