PhishReporter, a Free Outlook Add-In for Reporting Phishing Attacks

S

sinu

Thread author
Josh Rickard, a Security Analyst at the University of Missouri, has developed a special add-in for Microsoft's Outlook email client that simplifies the steps needed to report spam or phishing campaigns to the proper persons in your company's security or incident response (IR) department.

The add-in works by adding a button to the Outlook ribbon UI. Users are supposed to select emails from their Outlook client, which they suspect might be part of a phishing attack, or just coming from spammers that they want banned on the company's email server.

Pressing the PhishReporter button will forward the selected emails as attachments to a specially set up email address. Here, the security and IR staff can analyze the email, and if found to be malicious in nature, they can blacklist the domain in the company's spam blocker.

The PhishReporter Outlook Add-In is the preferred way of reporting phishing emails because it automates the process of forwarding suspicious emails "as attachments," and by doing so preserving important email header information.

This operation is essential for security and IR staff because employees usually just forward the email, rewriting the original headers with their own.

The original phishing email header isn't lost since it remains in the user's client email, but IR teams usually have to contact the employee and teach him how to properly forward the email so they can analyze it. This makes security teams lose precious time, which is crucial since most phishing campaigns are most effective during their first hours.

The PhishReporter Outlook Add-In is available on GitHub. The project has no ties to an yet unreleased project of the same name developed by KnowBe4.

Read more : PhishReporter, a Free Outlook Add-In for Reporting Phishing Attacks
 
  • Like
Reactions: Cats-4_Owners-2
Top