Phishing and fraudulent email continue to pose a risk to the Cornell community. To help protect personal information and university resources, Cornell is streamlining how potentially harmful messages are reported.

Cornell community members can choose either PhishAlarm or the built-in reporting tools for Outlook or Gmail when flagging questionable messages until late May.

In support of Resilient Cornell fiscal goals, PhishAlarm will be retired on May 29, 2026.

What's Changing?

In the past, reports were sent either by forwarding email to the IT Security Office (ITSO) or by using a third-party tool called PhishAlarm. While effective, these approaches had limitations:

• Forwarded messages could generate additional unnecessary emails.
• PhishAlarm duplicates capabilities already available in modern email platforms and was selected for retirement as part of CIT's expense reduction in alignment with Resilient Cornell.

The built-in reporting features in Outlook and Gmail offer a simpler and faster way for individuals to respond to suspicious messages. In addition, the Microsoft Outlook reporting tools are tightly aligned with other Microsoft solutions used by the IT Security Office in their efforts to cut down on cybersecurity threats through email.

For step-by-step instructions and additional details, see the Report Suspicious Email web page.