Phishing Tackle has created the Phish Hook Button which is a tool used for reporting suspected phishing emails to your organisation. However, if your organisation cannot configure the Phish Hook button or would prefer to use the Microsoft Report Message and Report Phishing add-in this guide will explain how to configure the add-in to track simulated phishing emails that have been reported.
Please note: You cannot use both the Phish Hook button and either the "Report Message" or "Report Phishing" add-in from Microsoft simultaneously.
- Step 1 - Requirements
- Step 2 - Configure Microsoft Report Message or Report Phishing button
- Step 3 - Configure an address for User submissions
- Step 4 - Configure a mail flow rule to send reported simulated phishing emails to Phishing Tackle
Step 1 - Requirements
To configure the Microsoft Report Message and Report Phishing button to automatically send simulated phishing emails that have been reported to Phishing Tackle you will need a PhishNet address.
If you do not have a PhishNet address, please contact our support team and request one. You can contact us here. Please note, if you are not a PhishNet user, the Support team can still enable this feature.
Once you have received your PhishNet email address we recommend creating a new contact in Outlook and assigning it to the PhishNet email address. This is useful to easily identify the PhishNet address.
- Click the "People" button in the top left-hand corner of the screen.
-
On the Home menu select "New Contact".
-
Add a first name.
-
Add the PhishNet email address.
-
Select "Create" to finish.
Step 2 - Configure Microsoft Report Message or Report Phishing button
Microsoft has a detailed external guide on how to configure, deploy, and use their reporting tools. This can be found here.
Step 3 - Configure an address to use for user submissions
When a user clicks on the Report Message or Report Phishing button the email will be forwarded as an attachment to a custom mailbox. This mailbox will need a transport rule configured to forward the reported email to Phishing Tackle.
- Visit the User submissions page in Microsoft Defender. This can be found here.
- Enable the setting "Microsoft Outlook Report Message button".
- For the setting "Send the reported messages to:" select the option "Microsoft and my organization's mailbox".
- Enter an internal email address to use for the User submission mailbox.
- Note: We recommend using a dedicated internal mailbox, rather than an active user mailbox.
- Click "Save".
- Your settings should look like the image below. Emails reported using the Report Message or Report Phishing button should now be sent to the address set.
Step 4 - Configure a mail flow rule to send reported simulated phishing emails to Phishing Tackle
A Mail flow rule or (transport rule) in Exchange Online will need to be configured to send simulated phishing emails that have been reported using the Microsoft Report phishing button to Phishing Tackle.
- Visit Exchange admin center.
-
Go to Mail flow > Rules.
- Create a new mail flow rule
- Set the rule name to "Report to Phishing Tackle" and click "More Options."
- In "Apply this rule if:.."
Select "The recipient..." > Select "Is this person" > Specify the User submission mailbox that was selected in Step 3. - Click the "Add condition" button.
- In the "and" condition field select "The subject or body..." > Select "Subject or body includes any of these words".
Add the phrases: "tacklephishing.com" and "smtp.mailfrom=tacklephishing.com". - Under "Do the following..."
Select "Add recipients..." > "to the To box" > Specify your custom PhishNet address. - Check your Mail flow rule matches the screenshot below. Then click "Save".
Please let our support team know If you need any further assistance with configuring the Microsoft report button to forward simulated phishing emails. You can contact our support team here.