Using Ironscales

Issue

Ironscales works by allowing users to submit potential phishing emails for analysis by the IT team. When a phishing email is submitted, Ironscales flags and removes all similar emails from users inboxes within the O365 tenant.

The Ironscales Outlook Report Phishing Button is not compatible with INFIMA Security training.

When users correctly identify and submit an INFIMA Security simulated phish, Ironscales will flag and remove all other simulated phishing emails from the tenant.

Solution

To utilize INFIMA Security Training and Phishing with Ironscales, the INFIMA Security Report Phishing button must be used. The Report Phishing button correctly identifies all INFIMA Security emails and does not forward them to Ironscales as suspected phish. Actual phishing emails are still forwarded to the Ironscales 911 mailbox for triage.

This allows for proper reporting within your INFIMA Security Dashboard and allows you to continue using the phish reporting features within Ironscales.

Steps

1. Deploy the INFIMA Report Phishing button within your client tenant. Click below for detailed instructions.
   Enabling the Report Phishing Button
2. Contact your Ironscales Customer Success Representative and ask them to allow 911 report on Office 365 email attachments in your Ironscales license. This will convert incoming emails to attachments and forward them to 911. As a result of this configuration, regular 911 email forwarding will not work. In other words, forwarding emails directly to the 911 mailbox will not open incidents as expected.

3. In the INFIMA Security Dashboard, add your 911 mailbox address to the phish reporting mailbox.