Setup Phish Reporter in Microsoft
Our Phish Reporter feature allows Microsoft users to utilise a company email address, such as PhishReport@yourdomain.com, to internally monitor all emails reported by your learners and to measure reporting of phishing simulations in the Security Awareness Platform.
Step 1. Creating a Contact in the Exchange Admin Center (EAC)
Sign into Microsofts Exchange Admin Center
- Select Contacts under the Recipients section
- Click the “+Add New Mail Contact” button
- In the contact fields add the following information
- First Name: Phishing
- Last name: Report
- Display Name: Security Awareness Platform or Preferred name
- Alias: Phishing
- External Email address: report@phish.goldphish.com
4. Click Save
Step 2. Create a shared mailbox
Shared Mailboxes do not use or require a license.
- Select Mailboxes under the Recipients section
- Click the Add a shared mailbox button
- In the Shared Mailbox fields add the following
- Display Name: PhishReport
- Email address: PhishReport
- @: Use the Select Domain drop-down to select your domain.
4. Click Create.
Step 3. Set up Forwarding on the Shared Mailbox to the Contact
Now that you have a Contact and a Shared Mailbox created, we need to set up forwarding on the shared mailbox to send email to the contact.
- Click on the Shared Mailbox you created to bring up a Settings Menu
- Select Email forwarding
3. Toggle “Forward all emails sent to this mailbox to ON
4. In the "Forward to an internal email address section, use the Search Email button to search for the contact that was created earlier.
5. If you want to keep a copy of the email that is sent to our reporting mailbox make sure to check the box next to "Deliver Messages to both forwarding address and mailbox"
6. Click Save
NOTE: On completion of Step 3 you will now be able to utilise the Phish Reporter feature, you can do so by having employees simply forward the email in question to your reporting mailbox PhishReport@yourdomain.com and if you followed the above Steps 1-3 correctly, then they will be recorded for the simulation campaign.
Advanced Reporting
Step 4. Set up Microsoft's Report Phishing Add-in
NOTE: This step describes how to configure the Office 365 'Report Phishing' add-in for Outlook and Outlook on the web. Skip and proceed to Step 5 if you are using Microsoft Defender.
Installing the Office 365 'Report Phishing' add-in
Your organisation must be willing to accept Microsoft's terms of use before installing the Report Phishing add-in.
- Go to the Microsoft AppSource and search for the Report Phishing add-in.
- Click the Get it now button.
- Follow the instructions to complete the installation.
Note: It could take up to 12 hours for the add-in to appear in your organisation. Once it does, you can configure it to include the SERS service.
Including our Platform in the Report Phishing add-in
- Log into the Microsoft 365 Admin Center.
- Navigate to the Exchange Admin Center.
- From here navigate to Mail Flow -> Rules.
- Click the Create New Rule button. A ‘New Rule’ window is displayed.
- Enter a name for your rule, something like Phish Reporter.
- Set Apply this rule if to The recipient is phish@office365.microsoft.com
- Set Do the following to Bcc the message to report@phish.goldphish.com & phishreport@yourdomain.com. The rule should look as follows.
- Click the Save button. The rule is added. All emails flagged using the Report Phishing button will be routed to your internal Reporting mailbox and to the Security Awareness Platform.
Step 5. Set up Microsofts Reporting Button in Microsoft Defender
This covers setting up Microsoft's Reporting button for users of Microsoft Defender and adjusting the functionality. This will forward email directly to our Platform and not to Microsoft. This prevents Microsoft from running additional scanning on the email.
Please note some of these options recently changed.
Sign in to Microsoft 365 Defender portal
- Navigate in your browser to: https://security.microsoft.com/securitysettings/userSubmission
- Select the On/Off button to turn the feature on.
Select the Use Built-In "Report button option.
- Toggle the Microsoft Outlook Report Message button to ON
- Check the box next to "My organization’s mailbox" only
- In the email address field put in the Shared mailbox Email address that was created earlier. It would be something like PhishReport@yourdomain.com
- Uncheck the box for "Let users choose if they want to report"
- Scroll down and Toggle OFF the quarantine report message button
- Select 'Save'
Sample Communication for Internal Staff
To help your employees use the Phish Reporting Buttons (add-in or built-in), we've produced some sample communication that you may wish to modify and distribute.
SAMPLE COMMUNICATION BEGINS
Report an email you think is a scam
If you have received an email which you’re not quite sure about, forward it to PhishReport@yourdomain.com
✅ Forward us as many suspicious emails as you like.
✅ Send us emails that feel suspicious, even if you're not certain they're a scam - we can check.
✅ Report emails even if you think they're a simulated phishing test - you'll get high fives.
⛔ Don't click on any links in a suspicious email.
⛔ Don't open any attachments in a suspicious email.
⛔ You don't need to forward us suspicious emails you find in your spam/junk folder.
We've also made changes to Outlook, so that you can easily report phishing emails in your inbox with one click. If you receive any email that you suspect is suspicious, select the message and click the new Report Phishing button.
If you're using the full Outlook program, the button appears in the main toolbar:
If you're using Outlook via a web browser, the button appears in the sidebar:
Once clicked, you'll be asked to confirm the submission:
By reporting suspicious emails, you will be helping to keep yourself, colleagues, and our organisation safe from cyber crime. If you have any questions about this reporting feature please reach out to your IT helpdesk. Thank you for your support.
SAMPLE COMMUNICATION ENDS
This Concludes setting up a Reporting button within Microsoft and Reporting feature to the Security Awareness Platform.
NOTE: Once you have set up the Phish Reporter feature in your email client - we recommend you test this function with a phishing simulation campaign sent to a single user.
Our Support Team is happy to help if you have any questions or require additional assistance. You can contact us anytime by submitting an email to support@goldphish.com