Features

Report Phishing Button

Provide your users with a button in Outlook to report phishing emails. When users submit an email, they are immediately notified whether it is part of a simulated phishing campaign.

Potentially malicious phishing emails are forwarded to a mailbox of your choice for evaluation.


Version Overview

INFIMA offers three versions of the Report Phishing Button add-in. Each version has different capabilities and requirements to suit various organizational needs.

Version 1 Obsolete

Version 1 of the Report Phishing Button is now obsolete and should be upgraded to either Version 2 or Version 3 for continued support and enhanced features.

Version Comparison

| Feature | Version 1 | Version 2 | Version 3 |
|---|---|---|---|
| Status | ❌ Obsolete | ✅ Fully Supported | ✅ Fully Supported |
| Manifest URL | N/A | https://static.infimasec.com/rpb/manifest.xml | https://static.infimasec.com/rpb/manifest-v3.xml |
| Outlook Client Support | Limited | Extensive (including mobile) | Limited (no mobile) |
| Reported Email Sender | User's email | User's email | phish-reports@infimasec.com |
| OAuth Approval Required | Yes | Yes | No |
| User Experience | Basic | Standard | Enhanced (replaces MS button) |
| Integration Complexity | High | Medium | Low |

Version 2 - Extended Compatibility

Overview

Version 2 provides broad compatibility across Outlook clients, including support for older versions. This version is ideal for organizations with diverse Outlook deployments or legacy client requirements.

Key Features

  • Wide Client Support: Compatible with more Outlook versions, including older clients
  • User-Specific Reporting: Phishing reports come from the email address of the user submitting the report
  • OAuth Requirements: Requires administrator approval of OAuth scopes

Requirements

  • Office 365 account with admin permissions
  • OAuth scope approval at https://apps.infimasec.com/rpb
  • Report phishing mailbox (optional but recommended)

Deployment Steps

  1. Navigate to https://admin.microsoft.com
  2. Go to Settings > Integrated Apps
  3. Click Upload custom apps
  4. Select Upload manifest file (.xml) from device
  5. Upload the Version 2 manifest from: https://static.infimasec.com/rpb/manifest.xml
  6. Select deployment scope (recommend Entire organization)
  7. Accept permissions and finish deployment
  8. Important: Visit https://apps.infimasec.com/rpb to approve OAuth scopes
  9. Wait up to 24 hours for deployment to propagate

User Experience

Version 2 follows Microsoft's standard add-in experience, providing a familiar interface for users:

  1. When the user finds a suspected email they wish to report, they select Report Phishing from the mail drop-down.
  2. This opens a panel where the user is prompted to confirm the suspected phishing email.
  3. Once the user selects Report Phishing, they receive a response that depends on whether the phishing email was part of a simulated campaign:

    • Simulated phishing email response
    • Phishing email not part of a simulated campaign response

Version 3 - Enhanced Experience

Overview

Version 3 offers the most streamlined deployment and user experience. It replaces the existing Microsoft report phishing button, providing users with a single, unified reporting interface.

Key Features

  • Simplified Deployment: No OAuth approval required
  • Unified Experience: Replaces Microsoft's native report phishing button
  • Centralized Reporting: All reports come from phish-reports@infimasec.com
  • Easier Management: Simplified email filtering and routing

Requirements

  • Office 365 account with admin permissions
  • Modern Outlook clients
  • Report phishing mailbox (optional but recommended)

Deployment Steps

  1. Navigate to https://admin.microsoft.com
  2. Go to Settings > Integrated Apps
  3. Click Upload custom apps
  4. Select Upload manifest file (.xml) from device
  5. Upload the Version 3 manifest from: https://static.infimasec.com/rpb/manifest-v3.xml
  6. Select deployment scope (recommend Entire organization)
  7. Accept permissions and finish deployment
  8. Wait up to 24 hours for deployment to propagate

No OAuth Required

Version 3 does not require OAuth scope approval, making deployment faster and simpler.

User Experience

Version 3 provides an enhanced, unified experience by replacing Microsoft's native report phishing button:

  1. Single Report Button: Users see only one Report Phishing button in their Outlook interface, eliminating confusion from multiple reporting options.
  2. Confirmation Dialog: When clicked, users are presented with a clean confirmation dialog to verify they want to report the email as phishing.
  3. Result Notification: Users receive clear feedback based on whether the email was:

    • A potential real phishing email: The system provides immediate feedback while processing the report.
    • Part of a simulated phishing campaign: Educational feedback is provided.
    • A trusted email: Validation that the email is safe for them to click.

Enhanced Integration

Version 3 seamlessly replaces the Microsoft report phishing button, providing users with a single, consistent reporting experience across all supported Outlook clients. All reports are centralized through phish-reports@infimasec.com for easier management.


Choosing the Right Version

Use Version 2 When:

  • You have older Outlook clients in your environment
  • You need phishing reports to come from the reporting user's email address
  • You require maximum client compatibility
  • You don't mind the additional OAuth setup step

Use Version 3 When:

  • You want the simplest deployment process
  • You prefer a unified reporting experience
  • You can standardize on modern Outlook clients
  • You want centralized email management from a single sender address

Supported Platforms

Version 2 Supported Platforms

Version 2 supports a wide range of Outlook clients:

  • Outlook on Windows (Microsoft 365)
  • Outlook 2019 or later on Windows
  • Outlook 2016 or later on Mac
  • Outlook 2019 or later on Mac
  • Outlook on iOS
  • Outlook on Android
  • Outlook on the web
  • Outlook on Mac (Microsoft 365)

Version 3 Supported Platforms

Version 3 has more specific client requirements as it replaces the native Microsoft button:

  • Outlook on the web (not supported for Microsoft 365 consumer accounts)
  • New Outlook on Windows (not supported for Microsoft 365 consumer accounts)
  • Classic Outlook on Windows (requires Version 2404, Build 17530.15000 or later)
  • Outlook on Mac (Version 16.81 or later - Preview)

Version 3 Client Support

Version 3 currently does not support the following clients, but support is coming:

  • Outlook on iOS (coming soon)
  • Outlook on Android (coming soon)
  • Older versions of Outlook on Windows (planned)
  • Microsoft 365 consumer accounts (planned)

Choose Version 2 if you need immediate mobile support or have users with older Outlook clients.


Report Phishing Mailbox Setup

We recommend configuring a user submission mailbox with third-party reporting tools for both versions. Microsoft provides instructions on how to create one.


Reporting Workflow

Reporting Format

Messages reported to your security team follow Microsoft's suggested reporting format. This allows for seamless integration with Microsoft advanced security features and phishing prevention.

The subject line for reported emails follows this format:

3| Suspected Phishing Email - {user email} - {timestamp}

Version 3 Sender

In Version 3, all reports come from phish-reports@infimasec.com regardless of which user submitted the report. The actual reporting user is still identified in the email content and subject line.
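
For triage on the report mailbox, the sketch below parses the subject format above and checks the sender against the Version 2 and Version 3 behaviour described on this page. It is an added example, not INFIMA code: the function name, result fields and sample messages are assumptions, and the timestamp is treated as an opaque string because its layout is not documented here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

V3_SENDER = "phish-reports@infimasec.com"  # Version 3 sender, as stated on this page

# Subject format from this page. The timestamp layout is not documented here,
# so it is captured as an opaque string rather than parsed.
SUBJECT_RE = re.compile(
    r"^3\|\s*Suspected Phishing Email - (?P<reporter>\S+@\S+) - (?P<timestamp>.+)$"
)

def classify_report(raw_message: str) -> dict:
    """Classify one message from the report mailbox (hypothetical helper)."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    match = SUBJECT_RE.match((msg.get("Subject") or "").strip())
    if match is None:
        return {"status": "not_a_report", "sender": sender}
    result = {
        "sender": sender,
        "reporter": match.group("reporter").lower(),
        "timestamp": match.group("timestamp").strip(),
    }
    if sender == V3_SENDER:
        result.update(status="ok", version="v3")   # centralized sender
    elif sender == result["reporter"]:
        result.update(status="ok", version="v2")   # report sent as the user
    else:
        # Header From is unauthenticated: treat this as a routing signal and
        # leave sender authenticity to SPF/DKIM/DMARC results.
        result.update(status="sender_mismatch", version=None)
    return result

# Constructed sample messages (addresses and timestamps are made up).
SAMPLE_V3 = ("From: Reports <phish-reports@infimasec.com>\n"
             "Subject: 3| Suspected Phishing Email - alice@example.com - 2024-05-01 12:00:00\n\nbody\n")
SAMPLE_V2 = ("From: bob@example.com\n"
             "Subject: 3| Suspected Phishing Email - bob@example.com - 2024-05-01 12:05:00\n\nbody\n")
SAMPLE_MISMATCH = ("From: someone@example.net\n"
                   "Subject: 3| Suspected Phishing Email - alice@example.com - 2024-05-01 12:10:00\n\nbody\n")
SAMPLE_OTHER = "From: carol@example.com\nSubject: Lunch on Friday?\n\nbody\n"

if __name__ == "__main__":
    for sample in (SAMPLE_V3, SAMPLE_V2, SAMPLE_MISMATCH, SAMPLE_OTHER):
        print(classify_report(sample))
```

A mail rule that only accepts reports whose sender matches the reporting user will drop Version 3 reports, which is why filtering rules need review when moving to Version 3.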


Upgrading from Version 1

If you're currently using Version 1, follow these steps to upgrade:

  1. Uninstall Version 1 (see Uninstalling section below)
  2. Choose your target version (Version 2 or Version 3)
  3. Follow the deployment steps for your chosen version
  4. Update email filtering rules if necessary (especially for Version 3)

Uninstalling

Follow these steps to remove the Report Phishing button for your organization:

  1. Navigate to https://admin.microsoft.com
  2. Navigate to Settings > Integrated Apps
  3. Find the Report Phishing app listed in the apps panel and select it
  4. Locate the Actions header in the panel that opened
  5. Select Remove app
  6. Check the box, "Yes, I'm sure I want to remove the app and associated data."
  7. Click Remove

Version Identification

If you're unsure which version you have installed, check the manifest URL in the app details or contact INFIMA support.
