Phishing Reporter helps users to report the suspicious email for analysis and start an incident investigation with Incident Responder.
The main function of Phishing Reporter is to make users easily report suspicious emails to their incident responder. When a user detects a suspicious email by clicking on the Suspicious Email Reporter button, he/she reports it to the incident responder module for analysis. Then, the platform investigates this suspicious email either by its own engine or with third-party integrated services. Click to see “ How does an investigation mechanism work?”
It gives the ability to conduct an incident investigation and response without violating the privacy of users.
It strengthens the last line of defence by transforming users into “proactive agents” that detect and report attacks.
Users report suspicious an email with a single click.
It allows a user to send a suspicious email to analysis services and get a risk score.
Users receive immediate feedback.
This outlook add-in compatible with the below version of Outlook
Microsoft Exchange & OWA
Microsoft Outlook on iPhone
Microsoft Outlook on Android
Microsoft Outlook on Mac
In Outlook, where the add-in is installed, the working principle works as follows:
When add-in opened:
a. Sends a heartbeat to server
b. Get order from the server, if there was an investigation or action
When add-in runs:
a. Sends the heartbeat to the server in periodic time 
b. If any order comes from the server, then start to do this investigation or action 
c. If an error occurred then it logs it to the client-side then send it to our server
When outlook closes itself, then add-in close:
The platform's Add-in logs all problems and reports both of user’s computer (C:\Users\Public\KeepnetLabs\Log) and keepnet server.
In order to resolve the problem, please check the logs.
Older Logs: Add-in compresses and archives older logs in .zip format bigger than 8MB
Installer: Add-in keeps the logs that appeared during the installation.
Keepnet Outlook Add-in Log: The log file that keeps the logs created when add-in functions.
Outlook Versions: Outlook 2007/2010/2013/2016
CPU Usage: 0% to 5% of CPU
RAM Usage: 120~ MB of RAM
Disk Usage: 3MB disk space
Network Traffic: payload size + http requests size = Approx. 230kbps
To get the most up-to-date version of the plugin, you can access the Incident Response> Outlook Plugin page from the Keepnet cloud interface. You can create an add-in as you like in the following criteria.
When you have logged in to the Platform, the Outlook Add-in menu helps you prepare custom plugins.
The name you would like to give your Add-in
Brand name of the Add-in you would like to give
Send Suspicious Emails To
The email address suspicious email will be delivered
Suspicious Subject and Content
Notification message about Suspicious Subject and Content
Thank You Message
Thank You Message content
Delete Message content
Warning Label content
Put a logo for your Add-In
Other Optional Features
Report the suspicious email to the server (it’s activated by default)
Move it to the spam box
Move the suspicious email to the spam box
Delete original email
Delete the original email content
Track user actions
Log user’s actions (beta)
Investigate email from user’s inbox
Action to analyse suspicious content from user inbox
Send a copy of the email to us
Bend the copy of suspicious content to Keepnet Labs
The feature to be used if the proxy server support is desired
The values to create their own custom plugin need to be defined by firms that use on-premise.
Dear …. Team,
We are happy to announce to you the new outlook function: “Suspicious (Phishing) E-mail Reporter”.
This Outlook add-in will help you to easily and instantly report suspicious emails to Information Security Team for analysis.
Please read the instructions below to understand how to use this add-on.
What is Phishing Reporter add-in?
Phishing Reporter add-on is a button placed on Microsoft Outlook’s menu bar under the “Home” tab. This button will enable you to report suspicious email to us.
It will also give us the opportunity to timely identify email-borne cyber-threats and take certain actions at the system level before any damage occurs.
What will the add-on bring?
A Sample Usage