NOTE: The Phish Hook button will only forward non-simulated emails so as to avoid false-alarms with your nominated forwarding mailbox.
If your organisation has recently rolled out the Phishing Tackle Phish Hook button to your mail client, use this guide to learn how it works and in what situations you may find it useful.
Click any of the links below to jump to the relevant section:
What is it?
The Phish Hook Button (pictured above) is a tool used for reporting suspected phishing emails to your organisation. When you use it, emails are forwarded to a mailbox (chosen by the team that installed it) where they are analysed by your IT/Security team. It helps your organisation maintain a higher level of security by alerting the relevant staff members of new threats as they arise.
How do I use it?
The Phish Hook Button should be clicked if you think you have received a phishing email or any other type of malicious email. Once you click the button and confirm, the email will automatically be deleted from your inbox and forwarded to the contact set up by your organisation.
Please refrain from using the Phish Hook Button to report spam/marketing emails, you can simply delete these types of emails. You may also add the sender of spam/marketing emails to your email block list. The Phish Hook Button should only be used for emails you believe to be dangerous, this is so as not to inundate your security department with false alarms.
NOTE: To add a sender/domain to your block list will differ depending on your email client, contact your IT support for details on how to do this.
Using Outlook (Desktop)
After the Phish Hook Button is installed, you will see it in your Outlook Desktop client (pictured below).
- Select an email you believe to be suspicious and click the Phish Hook button on the top ribbon.
- This will open up a new dialogue box on the right displaying the details of the email and asking for confirmation to report it.
- This will open up a new dialogue box on the right displaying the details of the email and asking for confirmation to report it.
- Click the large button to send the potentially dangerous email to your security contact for analysis.
- After a few seconds you will see a success message at the bottom of the dialogue box and the email will be deleted from your inbox.
- NOTES:
- Depending on your organisation's settings, the dialogue box may have different colours/styles
- If youre Outlook ribbon is collapsed you may need to click the ellipsis ('...') first to access the button, see below:
Using Outlook Web Access (OWA)
After the Phish Hook Button has been installed, you will see it in your OWA window, under the main email drop-down menu (pictured below).
- Select an email you believe to be suspicious and click the ellipsis ('...').
- Click "Phish Hook".
- This will open up a new dialogue box on the right displaying the details of the email and asking for confirmation to report it.
- NOTE: Depending on your organisation's settings, the dialogue box may have different colours/styles
- Click the large button to send the potentially dangerous email to your security contact for analysis.
- After a few seconds you will see a success message at the bottom of the dialogue box and the email will be deleted from your inbox.
Why should I use it?
By reporting suspicious/malicious emails, your security team are better able to analyse which emails are getting through your organisation's defences. This allows your organisation to better secure itself against ongoing phishing attacks and similar email attacks. The reporting process also keeps you actively engaged in the security of your organisation, this point is key as a significant part of the culture shift towards a cyber-secure organisation is having all users actively engaged in a security-first mindset.
You are the first and last line of defence against phishing attacks in your organisation!
Troubleshooting
Below are some example issues along with suggested fixes:
- Issue: The button is not forwarding non-simulated emails to the correct mailbox.
- Fix: (as an admin user) Carefully check the Forwarding Email Addresses (below). If using multiple addresses they MUST be separated by commas (not semicolons or colons).
- Fix: (as an admin user) Carefully check the Forwarding Email Addresses (below). If using multiple addresses they MUST be separated by commas (not semicolons or colons).
- Issue: The button appears unresponsive in Outlook Desktop.
- Fix 1: Simply click another email, then click back onto the email you're trying to report.
- Fix 2: Restart Outlook Desktop. This fixes most issues with web add-ins.
- Fix 3: Open Outlook on the web (formerly OWA) and test the button. If it works using Outlook on the web contact your IT administrator as there may be a firewall or security rule in place which is blocking Outlook Desktop from connecting to our servers.
- Fix 4: Check with your IT admin when the button was deployed. If the button was deployed using centralised deployment it requires AT LEAST 12 hours before the button will be fully functional.
- Issue: A simulated phishing email does not arrive at the forwarding email address after clicking the Phish Hook button, though it has been deleted from the original mailbox.
- Fix: The Phish Hook button will not forward simulated phishing emails. This is because the Phish Hook button is designed to avoid raising false alarms and report only non-simulated emails to your forwarding address.