You can use the threat details of reported emails to get a better understanding of how end users interact with phishing emails, and to analyze reported emails for security threats.

1. Sign in to the MA Portal.
2. In the menu bar, click Reported Phishing.
3. Click Reported Emails list, and then search for the reporter, date, or threat level to filter the listed results.
4. In the Threat Level column, click View Threat Details.

   The reported emails table includes this information:

   • Date Reported — The date and time the email was reported as phishing.
   • Reporter Email — The email address of the user who reported the email as phishing.
   • Graph Message ID — The unique message ID of the email reported as phishing.

     See Track a suspicious email using a Graph Message ID for more information.

   • Overall Score — The overall score categorization for the email.

     See View reported emails for more information.

   • Sub-scores — Sub-scores assess the email, and then assign it a risk score. The sub-scores together form the overall score. Sub-score sections are:
     • Header Analysis — Low, Medium, or High risk.
     • Content (Body Content) — Low, Medium, or High risk.
     • Content (URL) — Low, Medium, or High risk.
     • Attachment — Low, Medium, or High risk.
5. Click X to exit the Expanded Scoring window.