Phin’s Outlook Report Phishing Button
Phin’s Outlook Report Phishing Button is an integrated tool for Outlook that enables employees to report phishing emails directly from their inbox, supporting phishing simulations with positive reinforcement, forwarding suspicious emails to managed service providers for analysis, and offering an unsubscribe option for promotional senders, thereby enhancing user engagement in cybersecurity and simplifying threat reporting.
What is the Phin Outlook Report Phishing Button?
Phin’s phishing button, Report Phishing, is designed to complement phishing campaigns by allowing employees to report emails as “phishing” directly from their Outlook inbox. It serves as both a training and reporting tool, helping users participate in real-life phishing simulations in a positive learning environment.
Why Was It Created?
Even if users do not fall for phishing attempts, failing to report suspicious emails can still pose a significant security risk. The Report Phishing button encourages users to take proactive steps, reinforcing positive security behaviors and simplifying cybersecurity for end users. Positive reinforcement is used to reward good actions and help users adapt confidently.
Phin also offers a Microsoft Defender Integration, connecting the Report Phishing button to the Microsoft Defender Submissions tool.
How Does It Work?
The Report a Phish button is available in Outlook Web App (OWA) and Outlook Desktop App. When a user selects Report Phishing, the experience depends on the type of email being reported:
Phin Phishing Simulation
- When a phishing simulation is reported, the email is archived and the action is recorded.
- Users receive a congratulatory message as positive reinforcement.
- Note: Users must close the pop-up to ensure the action is recorded in analytics.
Suspicious Email
- When a suspicious (non-simulation) email is reported, it is forwarded to the user's MSP and removed from the inbox.
- The forwarded email is sent as an EML file attachment with a message from Phin, indicating it was reported as phishing.
- These files can be analyzed manually or with other tools.
Unsubscribe Feature
- When reporting an email that appears to be promotional or from a mailing list, users may see an "unsubscribe from this sender" checkbox.
- If checked, the add-in attempts to unsubscribe the user from that sender (similar to Gmail's unsubscribe feature).
- This does not affect the reporting of the email.
Relation to Security Awareness Training (SAT) Programs
When users report phishing simulations, this positive behavior is tracked in Phin's Admin Portal. Analytics and automated reports provide insights at both user and company levels, helping organizations monitor program performance.
- Phishing Analytics: Metrics are available in User Analytics and the Phishing > Analytics page.
- Automated Reports: Metrics appear in Performance Reports, Users to Watch tables, and Historical Data tables.
Permissions Required
- User.Read.All: Reads user profiles to import Microsoft Azure users into Phin.
- MailboxSettings.Read: Reads mailbox settings for triage visibility.
- Mail.Send: Forwards reported phishing emails to configured addresses or Microsoft’s reporting service.
- ThreatSubmission.ReadWrite.All: Submits reported emails for threat analysis to Microsoft Defender.
- ThreatHunting.Read.All: Queries Defender for Office 365 hunting data for URL click events and related telemetry.
Phin uses these permissions to access users' inboxes for mail forwarding and reporting.
Setup Instructions
Prerequisites
- Ensure your instance meets Microsoft’s requirements for centralized deployment of add-ins.
- The new Outlook client does not support add-ins outside of the primary account.
Step 1: Phin Admin Portal
- 1.Go to Phin Admin Portal
- 2.Navigate to Company > Integrations
- 3.Select Report a Phish
- 4.Continue to Microsoft to sign in and grant access
- 5.Configure your Report a Phish settings
- 6.Download the manifest to upload to your Microsoft account
To customize the Report-a-Phish icon with your MSP logo, refer to the step-by-step article.
Step 2: Microsoft Admin Portal
- 1.Go to Microsoft Admin Portal
- 2.Navigate to Settings > Integrated Apps
- 3.Select Upload Custom apps
- 4.Choose Office Add-in App type
- 5.Upload the manifest file (.xml) downloaded from Phin
- 6.Assign users
- 7.Deploy Phin’s phishing button
Notes:
- It can take up to 24 hours for the add-in to appear for all users.
- The feature is compatible with Outlook Web App (OWA) and Outlook Desktop Apps, but not with Outlook Mobile App or Shared Inboxes.
- Mac users may need to adjust their toolbar to view the integration.
- In Outlook on the web, the button appears in a different location within the email.
- If an admin who set up the integration is removed from Phin but retains the "Global Administrator" role, the integration will continue to function.
Feedback and Support
Phin encourages users to provide feedback to help shape the product’s future. For help or to submit ideas, visit the support page.