OutThink offers an advanced phishing reporting add-in for Microsoft Outlook that allows integrations with threat analysis & security systems.
The Add-In can be configured and the manifest downloaded directly from the Command Center, via the option Settings -> Organization Settings -> Integrations Tab -> Microsoft Outlook Message Reporting Add-In.
For technical guidelines on Add-In installation with Microsoft 365, Microsoft Exchange Online or Microsoft Exchange Server, please click here.
Administrator Options
Once installed on Outlook, an administrator can change the behaviour of the Add-In for all users via the Command Center settings as follows:
- Forward reported emails to my Information Security team or SOC
All non-simulated suspected phishing emails are sent to the address provided as an EML message attachment. You can perform any follow up action required on reported emails via this inbox. - Reporting to Microsoft and affiliates for further analysis (Defender Integration)
Microsoft uses these submissions to improve the effectiveness of email protection technologies. Reported emails will also be sent to Microsoft Defender and accessible via https://security.microsoft.com/reportsubmission?viewid=user.
This option requires the Defender configured Reported message destination to match the SOC Email Address given above. This can be set at https://security.microsoft.com/securitysettings/userSubmission.
Enabling this setting will provide an additional end-user option to report an email as Junk or Not Junk. - Ironscales integration (Ironscales customers only)
Provide your dedicated 911 mailbox address, as configured in the Ironscales portal. Ironscales will automatically create an incident for every reported email. - On-Premises Exchange Server Mode
If your email infrastructure is using on-premises Microsoft Exchange Server, rather than Microsoft 365, select this option.
End-User Features
Once an email has been opened in Outlook users will see a blue envelope icon with a red exclamation – either in the message toolbar directly, or via the elipses button (“…”) on the toolbar.
If clicked with an email in focus, the add-in will first perform a quick analysis of the email. The following options may then be offered (depending on the options previously selected and the context of the email being reported, some options may not always be visible):
- Report email as Phishing
If the user reports a simulation email that is part of a planned simulation running via OutThink’s platform, then the user will be marked with the Reported action in the relevant simulation campaign.
The simulation email is also removed from the user’s email box, and the user receives a congratulations message for successfully reporting a simulation.
If the user reports any other email (not part of OutThink’s simulations), the email may be forwarded for further analysis and sent to other systems, as determined by the Command Center integration settings. The email is then moved to the Deleted Items folder of user’s email box. - Report email as Junk
This option is only available to end-users when the Reporting to Microsoft… integration setting is enabled in the Command Center.
The email will be forwarded to Microsoft for junk mail analysis and the email will be removed from the user’s mailbox. The action will also be available on your Microsoft Defender dashboard.
- Report email as Not Junk
This option is only available to end-users when the Reporting to Microsoft… integration setting is enabled in the Command Center, and the email in focus is in the user’s Junk folder.
The email will be forwarded to Microsoft for junk mail analysis and the email will be returned to the user’s mailbox. The action will also be available on your Microsoft Defender dashboard.