Have you ever just ignored or deleted a phishing email? That’s fine in one sense, because you won’t suffer any negative impact. But if the email got past the mail security filters, you can report it using the “Mark as phishing” option.
What if you also wanted not only to enable users to report, but to pass the intelligence on to the NCSC Suspicious Email Reporting Service (SERS)? How cool would that be! Well, have no fear people, we are going to show you how easy this stuff is to deploy and configure.
Outlook.com
The screenshot below shows Office 365 Outlook.com webmail:
But what if your users are using the Outlook application? What if you also wanted to let the NCSC know about the emails? Well, today we are going to look at how we:
- Use this in webmail (above)
- Enable this for a single user
- Enable this for an organisation
- Integrate this with NCSC SERS
Enabling this in Outlook (Single User)
Ok so by default this isn’t an option. But you can enable this:
Enable the Report Message or the Report Phishing add-ins – Office 365 | Microsoft Docs
You need to visit here:
https://appsource.microsoft.com/product/office/wa104381180
We now need to fill in some details.
Once complete we need to click continue:
Enabling this for the Organisation
https://admin.microsoft.com/AdminPortal/Home#/Settings/AddIns
We have a load of options:
We are going to select the report phishing add-in from Microsoft
Click ADD
Now we can choose the deployment options:
For this deployment we are going to leave the defaults:
NCSC SERS Reporting
Ok, the SERS service helps the UK NCSC not only track but also take down malicious services, so this is a useful thing to consider. For more info on SERS see:
Phishing: how to report to the NCSC – NCSC.GOV.UK
Configure O365’s Phishing report add-in for SERS – NCSC.GOV.UK
Here we are going to enable the feature to report emails to NCSC SERS (Suspicious Email Reporting Service)
Exchange admin center (microsoft.com)
Navigate to MAIL FLOW
Then Rules
Let’s create a new RULE
Click OK
Configure the “Do the following…” rule to BCC [email protected]
Click SAVE
And voila! (after a few hours or up to 11)
We are now going to be sending a copy of the email to the NCSC every time a user reports a phish.
Now please bear in mind that, while this is an awesome thing to do, you also need to be aware of any legal, regulatory, or contractual clauses that may mean you don’t want to enable the SERS integration.
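The mail flow rule above can also be created from Exchange Online PowerShell. This is an added example, not part of the original walkthrough: the rule name is hypothetical, the reporting mailbox `phish@office365.microsoft.com` is an assumption about where the add-in submits reports (the page does not show the rule condition), and the SERS address is a required parameter to be taken from the NCSC guidance linked above.

```powershell
# Added example: scripted equivalent of the "BCC to SERS" mail flow rule.
# Requires the ExchangeOnlineManagement module and an Exchange administrator account.
param(
    # SERS reporting address, taken from the NCSC guidance (deliberately not hard-coded).
    [Parameter(Mandatory)] [string] $SersAddress,
    # Assumption: the Microsoft mailbox the Report Phishing add-in submits to.
    [string] $ReportMailbox = 'phish@office365.microsoft.com',
    # Hypothetical rule name chosen for this example.
    [string] $RuleName = 'BCC reported phishing to NCSC SERS'
)

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -ShowBanner:$false

# Condition and action shared by the create and update paths.
$settings = @{
    RecipientAddressContainsWords = $ReportMailbox   # "recipient address includes"
    BlindCopyTo                   = $SersAddress     # "Bcc the message to"
    Comments                      = 'Copies user-reported phishing to NCSC SERS.'
}

# Idempotent: update the rule if it already exists, otherwise create it.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $existing.Identity @settings
} else {
    New-TransportRule -Name $RuleName @settings | Out-Null
}

# Confirm what was actually saved.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, RecipientAddressContainsWords, BlindCopyTo |
    Out-Host

# Review every rule that blind-copies mail, so this one is the only BCC rule
# you do not already expect to see.
Get-TransportRule | Where-Object { $_.BlindCopyTo } |
    Format-Table Name, State, BlindCopyTo -AutoSize |
    Out-Host

Disconnect-ExchangeOnline -Confirm:$false
```

The final listing is worth repeating periodically: a BCC action silently copies mail to another address, so any rule in that list should be one you can account for.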
Summary
Well honestly, enabling this for a person or organisation and integrating with NCSC SERS is a doddle! Why are you still here? Go get working on how you are going to enable this for your organisation! Don’t forget to communicate to the business: not only can they improve security for their organisation and their customers, but they can also help UK security.
The reporting process is simple as well: highlight an email and click Report Phishing!
Then click report! Easy!