SaaS Security - Office 365 Email - User Reported Phishing
Email users are key in fighting against phishing. Users can help to detect missed attacks, and let the security admins to block the detected attacks as well as future similar attacks.
Microsoft offers a built-in Mark as Phishing buttons in Outlook. When clicking on the buttons Microsoft gets notified of the suspected missed phishing, and many organizations encourage their users to report any suspected email.
Avanan can integrate into this 'missed phishing' mechanism, present the reports in the portal, and allow the admins to investigate and take actions as needed. When enabled, SmartPhish will capture emails sent to phish@office365.microsoft.com. This is the default behavior when phishing is reported on both the web and desktop clients.
Benefits
-
Present potentially missed attacks in the Avanan console.
-
Integrated solution for the security admins to investigate and take actions.
-
Simple, powerful way to increase end-users involvement and interact with them.
User Reported Phishing Dashboard
The user reported phishing dashboard allows to view the phishing reports made by the end-users.
Whenever a user marks an email as suspected phishing, a new entry is created in the dashboard, and the administrator can review it and perform the relevant actions.
To see the user reported phishing emails, navigate to User Interaction > User Reported Phishing.
Integration with End-User Phishing Reports
Report Message Add-in
By default, Avanan integrates with the native Report Message add-in for Office 365.
When a user reports an email as phishing, the email shows up in the User Reported Phishing dashboard.
Dedicated Phishing Reporting Mailboxes
Organizations provide one or more dedicated mailboxes to end-users to forward phishing emails (for
example, phishing_reports@mycompany.com). You can configure Avanan to scan such mailboxes and add them to the User Reported Phishing dashboard.
To add dedicated mailboxes to the User Reported Phishing dashboard:
- Navigate to User Interaction > Configuration.
- Under User-Reported Phishing Emails, enable the Dedicated phishing reporting mailboxes checkbox.
- Enter the required mailbox email address.
Note - To add multiple mailboxes, enter the mailbox addresses separated by a comma. - Click Save and Apply.
Note - All emails sent to these mailboxes generate events for administrators to review in the User Reported Phishing dashboard. Make sure these are dedicated mailboxes to report phishing.
Generating Events for User Reported Phishing
When a user reports a phishing email, the administrators can determine the event type to be generated by
the Avanan.
The available options are:
- Create an "Alert" event
- Create a "Phishing" event
- Do nothing
To configure event type for the User Reported Phishing emails:
- Navigate to User Interaction > Configuration.
- Under User-Reported Phishing Emails > Workflow, select the event type to be generated.
- Click Save and Apply.
Enable Email as Phishing Option in Outlook
By default, in Outlook, the ability to report an email as phishing is enabled.
Office 365 administrators can add the Report Message add-in to their users’ desktop clients if it is not already enabled. To enable the Report Message add-in, refer to Microsoft documentation.
Report Phishing Email from Outlook
Web Client
Desktop Client