Add a ‘report phishing’ button in Outlook; forward spam and phishing emails to your internal security team the right way!

PhishMe offers a great solution for the enterprise with its anti-phishing training and phishing simulations.   The service also provides an easy way for end-users to report the messages to their IT department and use for statistical tracking.  Their solution for end-user reporting is an add-in in Outlook, providing a simple way for the end-user to click a button to report messages.   I wanted the same thing for my security program, but we didn’t contract with PhishMe,  so I needed another solution.   I didn’t want to enlist a developer to create an Outlook add-in button, so  I came up with a relatively easy solution.   If you are good at scripting or have some workstation management tools this should be no problem to implement across the enterprise.   Below are the steps you can use to reproduce a  ‘report phish’ button in Outlook that automatically sends your security or IT department a full copy of the phishing emails.   It also does much more that forwards the email, it sends the junk mail as an attachement in an email, preserving the message headers that will be needed for forensics.

  1. Install the Microsoft Junk Email reporter add-in for Outlook 2010 or 2013. The download can be retrieved at  https://www.microsoft.com/en-us/download/details.aspx?id=18275
  2. Open Outlook and verify you now see the junk options in the ribbon.

Outlook phish button

  1. Right click a blank space in the ribbon and choose ‘Customize Ribbon’. On the right side, under “Customize the Ribbon” select Main Tabs, and expand the Home (Mail) tab.  Click the ‘New Group’ button and rename it to be something useful “report junk” or “report phish”.phishing outlook button 34. Next, select the  ‘report junk’ button on the left side, and add it to the ‘report phish’ group you just created by clicking the ‘add>>’ button.    Rename it and give it an icon of your choice.  Now you should have a new icon in your main mailbox view that you can use to report junk.  By default, the add-in will only report the junk to Microsoft, however with a registry hack you can blind-copy  (bcc) an email address of your choice.  the full junk mail message will be sent as an attachment, with all the header information that is missing from a forwarded message.   This works great for sending to an IT department or a security operations center (SOC).outlook phish 4

     

     

     

    Your Outlook ribbon should now look similar to this:

    outlook phish button toolbar

Leave a Reply

Your email address will not be published. Required fields are marked *