Features

Report Phishing Button

Provide your users with a button in Outlook to report phishing emails. Users are immediately notified whether the email is part of a simulated phishing campaign when they submit an email.

Potential malicious phishing emails are forwarded to a mailbox of your choice for evaluation.

We recommend configuring a user submission mailbox with third party reporting tools. You can find instructions on how to create one here, provided by Microsoft.

Overview

Requirements

  • Office365 account and admin permissions for the target tenant
  • Manifest.xml file (provided by INFIMA)
  • Report phishing mailbox (optional)

Supported Platforms

  • Outlook on Windows (Microsoft 365)
  • Outlook 2019 or later on Windows
  • Outlook 2016 or later on Mac
  • Outlook 2019 or later on Mac
  • Outlook on iOS
  • Outlook on Android
  • Outlook on the web
  • Outlook on Mac (Microsoft 365)

Deployment

The Report Phishing Button is deployed as a Microsoft App and requires admin permissions in Office 365. Once deployed, the app is enabled for your entire organization.

  1. Navigate to https://admin.microsoft.com.
  2. Navigate to Settings > Integrated Apps.
  3. Click Upload custom apps.
  4. Select Upload manifest file (.xml) from device.
  5. Navigate to and select the provided manifest.xml file.
  6. Click Next.
  7. Select which users to deploy the button to, we recommend Entire organization.
  8. Click Next.
  9. Click Next to accept permissions request.
  10. Click Finish deployment.
  11. Wait for the status to show “Deployed”.
  12. The report phishing button is now deployed to your organization.

Implementation Note

The button will not immediately appear to users following successful deployment. Microsoft suggests that deployments take up to 24 hours before changes are visible.

Usage

Reporting Workflow

User Experience

We designed the phishing report button according to Microsoft provided best practices meaning the user experience is familiar and intuitive for your users.

  1. When the user finds a suspected email they wish to report, they select Report Phishing from the mail drop down.
  1. This will open a panel where the user is prompted to confirm the suspected phishing email.

  1. Once the user selects Report Phishing, they are provided a response depending on if the phishing email was part of a simulated campaign.

    • Simulated phishing email response
    • Phishing email not part of a simulated campaign response

Reporting Format

Messages reported to your security team follow Microsoft's suggested reporting format. This allows for seamless integration with Microsoft advanced security features and phishing prevention.

The subject line for the email is as follows:

3| Suspected Phishing Email - {user email} - {timestamp}

Uninstalling

Follow these steps to remove the Report Phishing button for your organization.

  1. Navigate to https://admin.microsoft.com.
  2. Navigate to Settings > Integrated Apps.
  3. Find the Report Phishing app listed in the apps panel and select it.
  4. Locate the Actions header in the panel that opened.
  5. Select Remove app.
  6. Check the box, "Yes, I'm sure I want to remove the app and associated data."
  7. Click Remove.
Previous
Reporting
Next
Reporting API