LogoLogo
Get Demo
  • 💫NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • What is the Phishing Reporter?
  • How to Configure the Phishing Reporter?
  • Add-in Settings
  • Email Settings
  • Other Settings
  • Diagnostic Tool
  • How to View Which Users Have the Phishing Reporter Add-In Installed?
  • Video Tutorial
  • FAQ
  • Q: Is the Diagnostic Tool only available for the Outlook Desktop version of the add-on? Can it be used with Office 365 or Google workspace?
  • Q: I performed an update to the add-in. Do I need to uninstall the old version?
  • Q: Do I need to update my existing Outlook, Office 365 or Google Workspace add-in if I change the content of the add-on on the platform?
  • Q: When a user reports a suspicious email, can a backup of the reported email be forwarded to the SOC team?
  • Q: Can I have a warning pop-up appear before the notification to prevent unintentional emails from being reported after clicking the add-in button?
  • Q: Can I transfer the Phishing Reporter information to my own cybersecurity solutions or monitoring tools?
  • Q: Does the add-in will prompt a "Delete" message after reports the phishing/training emails sent by the platform?
  • Q: After the deployment of Phishing Reporter, how can I access it and use it on my OWA account?

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Platform
  3. Phishing Reporter

Phishing Reporter Customization

PreviousPhishing ReporterNextPhishing Reporter Deployment

Last updated 1 month ago

Was this helpful?

This document provides a detailed description of the Phishing Reporter product. You can understand the basic functions of the Phishing Reporter page and use the suspicious email reporter add-in by following this document.

You can access the Phishing Reporter and the menu of related options from the left sidebar of the platform dashboard.

What is the Phishing Reporter?

Phishing Reporter is an add-in that allows users to easily report a suspicious email to cyber security teams. Quick, comprehensive analysis and response can be provided when used in conjunction with the Incident Responder. Further details about the capabilities and requirements are available in this .

This add-on is compatible with Outlook, Outlook Web Access, Outlook Desktop, Outlook Mobile, Office 365, and Google Workspace environments.

You can download and customize the reporter add-in from the platform interface, as well as see which users currently have the add-in installed.

When the add-in is distributed over Office 365 or Google Workspace, it is automatically installed and active for all users. Add-in user information is only available for those using Outlook Desktop (with the MSI extension)

How to Configure the Phishing Reporter?

Go to the Phishing Reporter page from the left sidebar menu of the dashboard and select Users > Settings.

Customization is available to four features:

  1. Add-in Settings

  2. Email Settings

  3. Other Settings

  4. Diagnostic Tool

Add-in Settings

You can easily customize any of the fields in the phishing reporter add-in's appearance and dialog settings. It also supports multiple languages, so you can tailor the add-in to various languages and deploy it to employees in their preferred language. To add a new language, simply click on the "+ Add New Language" button in the "Dialog Box Settings."

Add-in name

Name of the add-in.

Brand name

Company name used for the add-in.

Add-in logo

For best results, the logo should be 60px (w) :60px (h).

The maximum disk image size is 2 MB; .png and .jpg formats are acceptable.

Dialog box heading

Header information used in pop-up messages.

Confirm button label

Yes button text used in confirmation messages.

No button label

No button text used in confirmation messages.

Okay button label

Okay button text used in confirmation messages.

Instant report message

Text that will appear after a user reports a suspicious email.

Connection error message

Text that will appear if the server cannot be accessed when a report is attempted.

Sending error message

Text that will appear if the reported email is not delivered to the platform.

No email selected message

Text that will appear if the user tries to report an email without selecting an email.

Bad format email message

Text that will appear if the user tries to report an email that is not eligible for reporting.

Show confirmation message when reporting email

You must check this box if you wish to include a confirmation message window for a reported email.

Show confirmation message when deleting email

This option opens a dialog box that allows you to remove the associated email after a report. If you select the "Automatically" option, the reported email will be deleted from the inbox.

Turn off email forwarding for reported phishing simulation emails

This option has two features:

  1. When an employee reports a phishing simulation email, a dialog box will appear confirming the report, and employees will receive a congratulatory message for recognizing the simulation email.

  2. Reported phishing simulation emails will not be forwarded to the SOC team's email address specified in the Email Settings menu. This ensures that SOC teams can focus on real suspicious emails instead of simulated ones.

Warning label

You have the option to add a message as a tag to the reported email to warn the reported user.

Click the Next button to go to the next page and save your changes in the first time customization. When the first customization is done, you can use the Save Changes button to save your changes or use the Manage and Download button to save your settings and download the add-in immediately.

Email Settings

You can configure the add-in to send a reported email to the SOC or IT team as an attachment in .eml format using the "Send Information Email for Reported Incidents" option. You can customize the following settings:

To use this feature, please enable the "Send Information Email for Reported Incidents" option.

Recipient Email Address

Email address that will receive the reported e-mail

CC

Optional additional recipient

BCC

Optional additional blind copy recipient

Email Subject

Subject line for the email used when reporting a suspicious email. Use {SUBJECT} merge tag as a variable for reported emails' original subject.

Email Message

Message template for the email used when reporting a suspicious email

Click the Next button to go to the next page and save your changes in the first time customization. When the first customization is done, you can use the Save Changes button to save your changes or use Save and Download button to save your settings and download the add-in immediately.

Other Settings

You can also customize additional settings.

Proxy Settings

If users are accessing the internet through a proxy, you can enable the plugin to detect the proxy configuration of the computer where it will be installed.

Site URL

API address that will be used when reporting an email via the add-in.

Please contact the support team if a change is needed.

API Key

The API key is to be used in the add-in to communicate with the platform.

Please contact the support team if a change is needed.

Company ID

The Company ID is to be used in the add-in to communicate with the platform.

Please contact the support team if a change is needed.

Enterprise Vault

The suspicious email can be searched in the user's backup emails during the investigation.

Click the Next button to go to the next page and save your changes in the first time customization. When the first customization is done, you can use the Save Changes button to save your changes or use Save and Download button to save your settings and download the add-in immediately.

Diagnostic Tool

The Diagnostic Tool provides information about the status of the add-in by sending the statistics of the add-in to the platform regularly. The advanced level of awareness presented makes distribution and regulation of the add-in easier for system admins. For example, if the add-in has been disabled by a user or for any reason, the tool can be used to ensure automatic activation or report the situation to the platform for system admins to be aware of this case.

The Diagnostic Tool is designed only for use on Outlook Desktop add-in with the MSI extension. When the add-in is distributed over Office 365 or Google Workspace, it is automatically installed and active for all users.

Check and Enable All Disabled Add-ins Automatically

The reporter add-in can be enabled automatically if it is not enabled for a reason.

Proxy Settings

If users are accessing the internet through a proxy, you can enable the plugin to detect or use the defined proxy configuration of the computer where it will be installed.

After completing the configuration steps and customizations, you can click the Save and Download button to download the add-in for your environment.

How to View Which Users Have the Phishing Reporter Add-In Installed?

The Phishing Reporter menu offers the option to view a list of users who have the add-in installed and its activation status.

When the add-in is distributed over Office 365 or Google Workspace, it is automatically installed and active for all users. add-in user information is only available for those using Outlook Desktop (with the MSI extension)

E-mail

Email address of the add-in user. This field may be left blank if there is no target user information for the related user on the platform.

Add-in Status

Status of the add-in. If the Diagnostic Tool has not been enabled, the only visible status will be Online or Offline. The Diagnostic Tool will indicate Disabled, Not Installed or much information about the add-in/user.

Last Seen

Date and time the add-in was last active.

Diagnostic Tool

Status of the Diagnostic Tool service. The tool can be Installed, Not Installed or Error.

Device

Name of the computer used.

Version

Version information of the installed add-in

Actions

Delete the phishing reporter user data from the phishing reporter users page.

Video Tutorial

This tutorial provides a detailed description of the Phishing Reporter product. You can understand the basic functions of the Phishing Reporter page and use the suspicious email reporter add-in by following this tutorial.

FAQ

Q: Is the Diagnostic Tool only available for the Outlook Desktop version of the add-on? Can it be used with Office 365 or Google workspace?

A: The Diagnostic Tool is designed specifically for the Outlook Desktop version. There is no need for the Diagnostic Tool for O365 and Google Workspace add-ins.

Q: I performed an update to the add-in. Do I need to uninstall the old version?

A: No. The new version of the add-in will update the old version.

Q: Do I need to update my existing Outlook, Office 365 or Google Workspace add-in if I change the content of the add-on on the platform?

A: You need to redistribute the current version of the add-in in order for any changes to be activated.

Q: When a user reports a suspicious email, can a backup of the reported email be forwarded to the SOC team?

A: Yes. please see more information on the ‘Email Settings’ page.

Q: Can I have a warning pop-up appear before the notification to prevent unintentional emails from being reported after clicking the add-in button?

A: Yes, you can enable the ‘Show confirmation message when reporting email’ option under the Add-in Settings page.

Q: Can I transfer the Phishing Reporter information to my own cybersecurity solutions or monitoring tools?

Q: Does the add-in will prompt a "Delete" message after reports the phishing/training emails sent by the platform?

A: No, the add-in will first ask if you wish to report it and then will show a message that the admin is customized under the "Turn off email forwarding for reported Phishing Simulation emails" field. There won't be other prompts such as "Do you wish to delete the original email" after report emails sent by the platform.

Q: After the deployment of Phishing Reporter, how can I access it and use it on my OWA account?

A: Log in to your OWA email account and open an email. After that, on the right-hand side, click on the Apps button and click on the Phishing Reporter button to report the suspicious email.

A: Yes. You can export all information related to Phishing Reporter via using the document.

💫
document
REST API
API