Phishing Reporter
Phishing Reporter helps users to report the suspicious email for analysis and start an incident investigation with Incident Responder.
To run phishing reporter add-in, make sure you have all pre-requisites of Visual Studio 2010 Tools for Office Runtime.
The main function of Phishing Reporter is to make users easily report suspicious emails to their incident responder. When a user detects a suspicious email by clicking on the Suspicious Email Reporter button, he/she reports it to the incident responder module for analysis. Then, the platform investigates this suspicious email either by its own engine or with third-party integrated services. Click to see “ How does an investigation mechanism work?”

Benefits to the security operation centre (SOC)

  • It gives the ability to conduct an incident investigation and response without violating the privacy of users.
  • It strengthens the last line of defence by transforming users into “proactive agents” that detect and report attacks.[1]

Benefits to an email user

  • Users report suspicious an email with a single click.
  • It allows a user to send a suspicious email to analysis services and get a risk score.
  • Users receive immediate feedback.
[1] It is a way of proactively involving users to protect the institution’s security by getting employees to report suspicious emails.

Compatability

This outlook add-in compatible with the below version of Outlook
Application
Version
Support
Microsoft Windows
Compatible
Outlook 2010
Compatible
Outlook 2013
Compatible
Outlook 2016
Compatible
Microsoft Exchange & OWA
Compatible
Microsoft Outlook on iPhone
Compatible
Microsoft Outlook on Android
Compatible
Microsoft Outlook on Mac
Compatible
Google G-Suite
Compatible

How Does the Add-in Work?

In Outlook, where the add-in is installed, the working principle works as follows:
  1. 1.
    When add-in opened:
    a. Sends a heartbeat to server
    b. Get order from the server, if there was an investigation or action
  2. 2.
    When add-in runs:
    a. Sends the heartbeat to the server in periodic time [1]
    b. If any order comes from the server, then start to do this investigation or action [2]
    c. If an error occurred then it logs it to the client-side then send it to our server
  3. 3.
    When outlook closes itself, then add-in close:
[1] The add-in optimizes this process according to network and machine performance by itself.
[2] When conducting the investigation, the add-in optimizes this process according to the computer and the network situation.

Logging Mechanism

The platform's Add-in logs all problems and reports both of user’s computer (C:\Users\Public\KeepnetLabs\Log) and keepnet server.
In order to resolve the problem, please check the logs.
Outlook add-in log directory
  • Older Logs: Add-in compresses and archives older logs in .zip format bigger than 8MB
  • Installer: Add-in keeps the logs that appeared during the installation.
  • Keepnet Outlook Add-in Log: The log file that keeps the logs created when add-in functions.

Minimum Computer Specifications

  • Outlook Versions: Outlook 2007/2010/2013/2016
  • CPU Usage: 0% to 5% of CPU
  • RAM Usage: 120~ MB of RAM
  • Disk Usage: 3MB disk space
  • Network Traffic: payload size + http requests size = Approx. 230kbps

Generating Add-in

To get the most up-to-date version of the plugin, you can access the Incident Response> Outlook Plugin page from the Keepnet cloud interface. You can create an add-in as you like in the following criteria.

Customization

When you have logged in to the Platform, the Outlook Add-in menu helps you prepare custom plugins.
Item
Description
Add-In Name
The name you would like to give your Add-in
Brand Name
Brand name of the Add-in you would like to give
Send Suspicious Emails To
The email address suspicious email will be delivered
Suspicious Subject and Content
Notification message about Suspicious Subject and Content
Thank You Message
Thank You Message content
Delete Message
Delete Message content
Warning Label
Warning Label content
Add-In Logo
Put a logo for your Add-In
Other Optional Features
Reporting
Report the suspicious email to the server (it’s activated by default)
Move it to the spam box
Move the suspicious email to the spam box
Delete original email
Delete the original email content
Track user actions
Log user’s actions (beta)
Investigate email from user’s inbox
Action to analyse suspicious content from user inbox
Send a copy of the email to us
Bend the copy of suspicious content to Keepnet Labs
Proxy Settings
The feature to be used if the proxy server support is desired
On-Premise Settings
The values to create their own custom plugin need to be defined by firms that use on-premise.

Phishing Reporter Announcement Email Template

To inform your users about the Phishing Reporter Outlook add-in, you can use the following text.

Dear …. Team,
We are happy to announce to you the new outlook function: “Suspicious (Phishing) E-mail Reporter”.
This Outlook add-in will help you to easily and instantly report suspicious emails to Information Security Team for analysis.
Please read the instructions below to understand how to use this add-on.
What is Phishing Reporter add-in?
Phishing Reporter add-on is a button placed on Microsoft Outlook’s menu bar under the “Home” tab. This button will enable you to report suspicious email to us.
It will also give us the opportunity to timely identify email-borne cyber-threats and take certain actions at the system level before any damage occurs.
What will the add-on bring?
  • You can report attacks with a single click.
  • Timely notifications of "Phishing" attacks will help the information security team to be more proactive and will reinforce our company’s cybersecurity posture.
  • The add-in will help you to be more aware of cyber risks.
A Sample Usage
  1. 1.
    The user clicks on the “ Report Phishing” button to report the suspicious email, then he/she is asked whether to delete the original email or not.
  2. 2.
    The user is then appreciated by his/her attentive action.
  3. 3.
    At the end of this process, the result of the analysis of the suspicious email you reported will be sent to you via email.
Copy link
On this page
Compatability
How Does the Add-in Work?
Logging Mechanism
Minimum Computer Specifications
Generating Add-in
Customization
Phishing Reporter Announcement Email Template