Body
Overview
This article explains what information to submit and how to obtain the email headers needed for analysis.
If you receive a suspicious email that appears to be a phishing attempt, you can report it to the UIC Information Security Office for review. Providing a copy of the email and its full message headers helps security staff investigate the message, identify its source, and determine whether it poses a threat to the university community.
How do I report a phishing email for investigation?
To investigate a suspected phishing email, the Information Security Office requires two pieces of information. Send both items to security@uic.edu. If necessary, you may send them in separate emails.
Required Information
A copy of the email message
Please provide a copy of the suspicious email, including any links contained within the message. The easiest way to do this is to:
- Create a new email addressed to security@uic.edu.
- Drag and drop the suspicious email into the new message so it is attached as an email file.
A copy of the full email headers
Email headers contain technical information that helps security staff determine where a message originated and whether it is malicious. Most email applications hide message headers by default. In many cases, you will need to use a computer to retrieve them, as mobile email applications often do not provide access to message headers.
Instructions for Retrieving Email Headers
If you use another email client, refer to:
Important Notes
- Do not send screenshots or images of the email or headers. Security analysts must receive the actual text to perform an investigation.
- In some cases, Gmail may prevent message headers from being sent because it identifies them as suspicious content. If this occurs, copy and paste the headers into a text editor such as Notepad, save the file as a .txt file, and attach it to your email.