SaaS Security - Office 365 Email - User Reported Phishing

Email users are key in fighting against phishing. Users can help detect missed attacks and enable security admins to block the detected attacks as well as similar future attacks.

Microsoft offers built-in Mark as Phishing buttons in Outlook. When a user clicks one of these buttons, Microsoft is notified of the suspected missed phishing email, and many organizations encourage their users to report any suspected email.

Avanan can integrate into this 'missed phishing' mechanism, present the reports in the portal, and allow the admins to investigate and take actions as needed. When enabled, SmartPhish will capture emails sent to phish@office365.microsoft.com. This is the default behavior when phishing is reported on both the web and desktop clients.

Benefits

  • Present potentially missed attacks in the Avanan console.

  • Integrated solution for the security admins to investigate and take actions.

  • Simple, powerful way to increase end-user involvement and interact with them.

User Reported Phishing Dashboard

The User Reported Phishing dashboard lets administrators view the phishing reports made by end users.

Whenever a user marks an email as suspected phishing, a new entry is created in the dashboard, and the administrator can review it and perform the relevant actions.

To see the user reported phishing emails, navigate to User Interaction > User Reported Phishing.

Integration with End-User Phishing Reports

Report Message Add-in

By default, Avanan integrates with the native Report Message add-in for Office 365.

When a user reports an email as phishing, the email shows up in the User Reported Phishing dashboard.

Dedicated Phishing Reporting Mailboxes

Organizations provide one or more dedicated mailboxes to end-users to forward phishing emails (for example, phishing_reports@mycompany.com). You can configure Avanan to scan such mailboxes and add them to the User Reported Phishing dashboard.

To add dedicated mailboxes to the User Reported Phishing dashboard:

  1. Navigate to User Interaction > Configuration.
  2. Under User-Reported Phishing Emails, enable the Dedicated phishing reporting mailboxes checkbox.
  3. Enter the required mailbox email address.
    Note - To add multiple mailboxes, enter the mailbox addresses separated by a comma.
  4. Click Save and Apply.

Note - All emails sent to these mailboxes generate events for administrators to review in the User Reported Phishing dashboard. Make sure these are dedicated mailboxes to report phishing.

Generating Events for User Reported Phishing

When a user reports a phishing email, the administrators can determine the event type to be generated by Avanan.

The available options are:

  • Create an "Alert" event
  • Create a "Phishing" event
  • Do nothing

To configure the event type for User Reported Phishing emails:

  1. Navigate to User Interaction > Configuration.
  2. Under User-Reported Phishing Emails > Workflow, select the event type to be generated.
  3. Click Save and Apply.

Enable Email as Phishing Option in Outlook

By default, in Outlook, the ability to report an email as phishing is enabled.

Office 365 administrators can add the Report Message add-in to their users’ desktop clients if it is not already enabled. To enable the Report Message add-in, refer to Microsoft documentation.

Report Phishing Email from Outlook

Web Client

Desktop Client
