Did you ever just ignore or delete a phishing email? I mean that’s great in one sense that you won’t have any negative impact. But if the email did get past the mail security filters, you can report it using the “Mark as phishing” option.

What if you also wanted not only to let users report phishing but also to pass the intelligence on to the NCSC Suspicious Email Reporting Service (SERS)? How cool would that be! Well, have no fear people, we are going to show you how easy this stuff is to deploy and configure.

Outlook.com

The screenshot below shows Office 365 Outlook.com Webmail:

But what if your users are using the Outlook application? What if you also wanted to let the NCSC know about the emails? Well, today we are going to look at how we:

  • Use this in webmail (above)
  • Enable this for a single user
  • Enable this for an organisation
  • Integrate this with NCSC SERS

Enabling this in Outlook (Single User)

Ok so by default this isn’t an option. But you can enable this:

Enable the Report Message or the Report Phishing add-ins – Office 365 | Microsoft Docs

You need to visit here:

https://appsource.microsoft.com/product/office/wa104381180

We now need to fill in some details.

Once complete we need to click continue:

Enabling this for the Organisation

https://admin.microsoft.com/AdminPortal/Home#/Settings/AddIns

We have a load of options:

We are going to select the Report Phishing add-in from Microsoft:

Click ADD

Now we can choose the deployment options:

For this deployment we are going to leave the defaults:

NCSC SERS Reporting

Ok, the SERS service helps the UK NCSC not only track but also take down malicious services, so this is a useful thing to consider. For more info on SERS see:

Phishing: how to report to the NCSC – NCSC.GOV.UK

Configure O365’s Phishing report add-in for SERS – NCSC.GOV.UK

Here we are going to enable the feature to report emails to NCSC SERS (Suspicious Email Reporting Service).

Exchange admin center (microsoft.com)

Navigate to MAIL FLOW

Then Rules

Let’s create a new RULE

Click OK

Configure the “Do the following…” rule to BCC [email protected]

Click SAVE

And voila! (after a few hours or up to 11)

We are now going to be sending a copy of the email to the NCSC every time a user reports a PHISH.

Now please bear in mind this is an awesome thing to do but also you need to be aware of any legal, regulatory, or contractual clauses that may mean you don’t want to enable the SERS integration.
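The mail flow rule from the steps above can also be created from Exchange Online PowerShell. This is an added example, not part of the original post: the rule name is hypothetical, both addresses are placeholders to be taken from the NCSC guidance linked above, and matching on the recipient address the add-in submits reports to is an assumption, since the rule's condition is not stated in the text.

```powershell
# Added example (not from the original post).
# Requires the ExchangeOnlineManagement module and an Exchange admin account.

# Hypothetical rule name; pick one that makes the rule's purpose obvious in an audit.
$RuleName      = 'Copy reported phishing to NCSC SERS'
# Placeholders: take both values from the NCSC guidance linked above.
# Assumption: the rule matches on the address the add-in submits reports to.
$ReportAddress = '<address-the-add-in-submits-reports-to>'
$SersAddress   = '<SERS-address-from-the-NCSC-guidance>'

# Refuse to run with unfilled placeholders so a broken rule is never created.
if ("$ReportAddress$SersAddress" -match '[<>]') {
    throw 'Replace the placeholder addresses before running.'
}

Connect-ExchangeOnline   # interactive sign-in

# Condition and action shared by the create and update paths.
$settings = @{
    RecipientAddressContainsWords = $ReportAddress
    BlindCopyTo                   = $SersAddress
    Comments                      = 'BCC user phishing reports to NCSC SERS'
}

# Idempotent: update the rule if it already exists, otherwise create it.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $RuleName @settings
} else {
    New-TransportRule -Name $RuleName -Mode Enforce @settings
}

# Read the rule back and confirm it is enabled and does only what was intended.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, RecipientAddressContainsWords, BlindCopyTo, WhenChanged
```

Because this rule copies mail to an external address, record it in change control and include it in periodic reviews of `Get-TransportRule` output, so it can be told apart from an unauthorised BCC or forwarding rule.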

Summary

Well honestly enabling this for a person or organisation and integrating with NCSC SERS is a doddle! Why are you still here? Go get working on how you are going to enable this for your organisation! Don’t forget to communicate to the business, not only can they improve security for their organisation and their customers, but they can also help UK security.

The reporting process is simple as well: highlight an email and click Report Phishing!

Then click report! Easy!
