Phishing Reporter Customization
Last updated
Was this helpful?
Last updated
Was this helpful?
This document provides a detailed description of the Phishing Reporter product. You can understand the basic functions of the Phishing Reporter page and use the suspicious email reporter add-in by following this document.
You can access the Phishing Reporter and the menu of related options from the left sidebar of the platform dashboard.
Phishing Reporter is an add-in that allows users to easily report a suspicious email to cyber security teams. Quick, comprehensive analysis and response can be provided when used in conjunction with the Incident Responder. Further details about the capabilities and requirements are available in this .
This add-on is compatible with Outlook, Outlook Web Access, Outlook Desktop, Outlook Mobile, Office 365, and Google Workspace environments.
You can download and customize the reporter add-in from the platform interface, as well as see which users currently have the add-in installed.
When the add-in is distributed over Office 365 or Google Workspace, it is automatically installed and active for all users. Add-in user information is only available for those using Outlook Desktop (with the MSI extension)
Go to the Phishing Reporter page from the left sidebar menu of the dashboard and select Users > Settings.
Customization is available to four features:
Add-in Settings
Email Settings
Other Settings
Diagnostic Tool
You can easily customize any of the fields in the phishing reporter add-in's appearance and dialog settings. It also supports multiple languages, so you can tailor the add-in to various languages and deploy it to employees in their preferred language. To add a new language, simply click on the "+ Add New Language" button in the "Dialog Box Settings."
Add-in name
Name of the add-in.
Brand name
Company name used for the add-in.
Add-in logo
For best results, the logo should be 60px (w) :60px (h).
The maximum disk image size is 2 MB; .png and .jpg formats are acceptable.
Dialog box heading
Header information used in pop-up messages.
Confirm button label
Yes button text used in confirmation messages.
No button label
No button text used in confirmation messages.
Okay button label
Okay button text used in confirmation messages.
Instant report message
Text that will appear after a user reports a suspicious email.
Connection error message
Text that will appear if the server cannot be accessed when a report is attempted.
Sending error message
Text that will appear if the reported email is not delivered to the platform.
No email selected message
Text that will appear if the user tries to report an email without selecting an email.
Bad format email message
Text that will appear if the user tries to report an email that is not eligible for reporting.
Show confirmation message when reporting email
You must check this box if you wish to include a confirmation message window for a reported email.
Show confirmation message when deleting email
This option opens a dialog box that allows you to remove the associated email after a report. If you select the "Automatically" option, the reported email will be deleted from the inbox.
Turn off email forwarding for reported phishing simulation emails
This option has two features:
When an employee reports a phishing simulation email, a dialog box will appear confirming the report, and employees will receive a congratulatory message for recognizing the simulation email.
Reported phishing simulation emails will not be forwarded to the SOC team's email address specified in the Email Settings menu. This ensures that SOC teams can focus on real suspicious emails instead of simulated ones.
Warning label
You have the option to add a message as a tag to the reported email to warn the reported user.
Click the Next button to go to the next page and save your changes in the first time customization. When the first customization is done, you can use the Save Changes button to save your changes or use the Manage and Download button to save your settings and download the add-in immediately.
You can configure the add-in to send a reported email to the SOC or IT team as an attachment in .eml format using the "Send Information Email for Reported Incidents" option. You can customize the following settings:
To use this feature, please enable the "Send Information Email for Reported Incidents" option.
Recipient Email Address
Email address that will receive the reported e-mail
CC
Optional additional recipient
BCC
Optional additional blind copy recipient
Email Subject
Subject line for the email used when reporting a suspicious email. Use {SUBJECT} merge tag as a variable for reported emails' original subject.
Email Message
Message template for the email used when reporting a suspicious email
Click the Next button to go to the next page and save your changes in the first time customization. When the first customization is done, you can use the Save Changes button to save your changes or use Save and Download button to save your settings and download the add-in immediately.
You can also customize additional settings.
Proxy Settings
If users are accessing the internet through a proxy, you can enable the plugin to detect the proxy configuration of the computer where it will be installed.
Site URL
API address that will be used when reporting an email via the add-in.
Please contact the support team if a change is needed.
API Key
The API key is to be used in the add-in to communicate with the platform.
Please contact the support team if a change is needed.
Company ID
The Company ID is to be used in the add-in to communicate with the platform.
Please contact the support team if a change is needed.
Enterprise Vault
The suspicious email can be searched in the user's backup emails during the investigation.
Click the Next button to go to the next page and save your changes in the first time customization. When the first customization is done, you can use the Save Changes button to save your changes or use Save and Download button to save your settings and download the add-in immediately.
The Diagnostic Tool provides information about the status of the add-in by sending the statistics of the add-in to the platform regularly. The advanced level of awareness presented makes distribution and regulation of the add-in easier for system admins. For example, if the add-in has been disabled by a user or for any reason, the tool can be used to ensure automatic activation or report the situation to the platform for system admins to be aware of this case.
The Diagnostic Tool is designed only for use on Outlook Desktop add-in with the MSI extension. When the add-in is distributed over Office 365 or Google Workspace, it is automatically installed and active for all users.
Check and Enable All Disabled Add-ins Automatically
The reporter add-in can be enabled automatically if it is not enabled for a reason.
Proxy Settings
If users are accessing the internet through a proxy, you can enable the plugin to detect or use the defined proxy configuration of the computer where it will be installed.
After completing the configuration steps and customizations, you can click the Save and Download button to download the add-in for your environment.
The Phishing Reporter menu offers the option to view a list of users who have the add-in installed and its activation status.
When the add-in is distributed over Office 365 or Google Workspace, it is automatically installed and active for all users. add-in user information is only available for those using Outlook Desktop (with the MSI extension)
Email address of the add-in user. This field may be left blank if there is no target user information for the related user on the platform.
Add-in Status
Status of the add-in. If the Diagnostic Tool has not been enabled, the only visible status will be Online or Offline. The Diagnostic Tool will indicate Disabled, Not Installed or much information about the add-in/user.
Last Seen
Date and time the add-in was last active.
Diagnostic Tool
Status of the Diagnostic Tool service. The tool can be Installed, Not Installed or Error.
Device
Name of the computer used.
Version
Version information of the installed add-in
Actions
Delete the phishing reporter user data from the phishing reporter users page.
Keepnet Phishing Reporter helps users report suspicious emails quickly and easily across multiple email platforms. This section visually showcases how the Phishing Reporter button appears in different environments—Outlook Desktop (New/Classic), Outlook Web (OWA), Outlook on Mac, Mobile (IOS/Android).
In the redesigned New Outlook interface, the Phishing Reporter button is placed conveniently in the top toolbar when viewing an email.
Open your Inbox.
Select the suspicious email.
Click the Phishing Reporter button in the toolbar at the top.
In Classic Outlook, the reporter button is accessible directly from the ribbon while reading or previewing an email.
Click Inbox from your folder list.
Open the email you want to report.
Click the Phishing Reporter button on the ribbon toolbar.
If you’re using Outlook on the web, the reporter button is clearly visible in the action toolbar when viewing a message.
Go to your Inbox.
Open the suspicious email.
Click the Phishing Reporter icon in the top menu.
For Outlook on macOS, the reporter button is available under the Report dropdown.
Select the email in your Inbox.
Click the Report dropdown from the top toolbar.
Choose Phishing Reporter.
The mobile version of Outlook provides access to the reporter through the contextual options menu:
While viewing a suspicious email, tap the three dots (•••) in the upper-right.
Tap on the Suspicious Email Reporter icon.
This tutorial provides a detailed description of the Phishing Reporter product. You can understand the basic functions of the Phishing Reporter page and use the suspicious email reporter add-in by following this tutorial.
A: The Diagnostic Tool is designed specifically for the Outlook Desktop version. There is no need for the Diagnostic Tool for O365 and Google Workspace add-ins.
A: No. The new version of the add-in will update the old version.
A: You need to redistribute the current version of the add-in in order for any changes to be activated.
A: Yes. please see more information on the ‘Email Settings’ page.
A: Yes, you can enable the ‘Show confirmation message when reporting email’ option under the Add-in Settings page.
A: No, the add-in will first ask if you wish to report it and then will show a message that the admin is customized under the "Turn off email forwarding for reported Phishing Simulation emails" field. There won't be other prompts such as "Do you wish to delete the original email" after report emails sent by the platform.
A: Log in to your OWA email account and open an email. After that, on the right-hand side, click on the Apps button and click on the Phishing Reporter button to report the suspicious email.
A: Yes. You can export all information related to Phishing Reporter via using the document.
