Cybercrime has cost organisations more than £5 million in the past 13 months*, with employees being tricked into downloading malware that looks like it comes from IT support, among other phishing scams.
Among the most common types of phishing seen are employees being tricked into downloading malware that looks like it comes from IT support, clone login pages stealing personal details, and emails containing fake alerts from common workplace software.
A new single-click ‘Report Phishing’ button now allows people to report suspicious emails directly to the National Cyber Security Centre (NCSC).
People can already forward scams to the NCSC’s Suspicious Email Reporting Service (SERS), but having a button directly inside Outlook is a lot easier for people to use and will hopefully result in more widespread use of the service.
Installing the Office 365 add-in
Please note that your organisation must be willing to accept Microsoft’s terms of use before installing the add-in.
1) Go to the Microsoft AppSource and search for the Report Phishing add-in.
2) Click the Get it now button.
3) Follow the instructions to complete the installation.
It could take up to 12 hours for the add-in to appear in your organisation. Once it does, you can configure it to include the SERS service, as follows:
Including the NCSC’s SERS in the add-in
1) Log into the Microsoft 365 Admin Center.
2) Navigate to the Exchange Admin Center.
3) From here navigate to Mail Flow -> Rules.
4) Click the Create New Rule button. A ‘New Rule’ window is displayed.
5) Enter the name for your rule as ‘Report Phishing to SERS’.
6) Set Apply this rule if to The recipient is phish@office365.microsoft.com. If you want to see what emails your users are reporting, you can also enter the email address of an email account you manage.
7) Set Do the following to Bcc the message to report@phishing.gov.uk
The rule should look as follows.
8) Click the Save button.
The rule is added. All emails flagged using the new button will be routed to the NCSC’s SERS.
Using the Report Phishing button
If you receive any email that you suspect is suspicious, select the message and click the new button.
If you’re using the full Outlook program, the button appears in the main toolbar:
If you’re using Outlook via a web browser, the button appears in the sidebar:
Once clicked, you’ll be asked to confirm the submission:
By reporting suspicious emails, you will helping to keep yourself, colleagues, and your organisation safe. Reported emails are submitted to Microsoft and to the National Cyber Security Centre (NCSC).
Microsoft uses these submissions to improve the effectiveness of email protection technologies. The NCSC’s Suspicious Email Reporting Service will analyse and take down any phishing attempts found within these emails.
If you have any questions about this new facility or would like help setting up, please contact us and we’d be happy to help.
–
Thanks to NCSC for this info on the Office 365 'Report Phishing' add-in - a great source of cybersecurity advice from the Government at ncsc.gov.uk. Crown Copyright, content reproduced under license * source: https://news.sky.com/story/new-one-click-button-will-flag-dodgy-emails-directly-to-cyber-experts-12379104
