Even if you don't fall for a phish, doing nothing is still a huge liability. With the addition of this feature, users can learn to be secure and adapt their behavior more confidently.
What is it?
Phin’s phishing button, Report Phishing, complements our phishing campaigns and allows an employee to correctly report an email as “phishing”. It doubles as a training tool as well as an email reporting tool and is installed in each employee’s outlook inbox. Our phishing button, phishing templates, and learning moments give the end users what they need to run through real-life phishing simulations in a positive learning environment.
Why did we make it?
Even if you don't fall for a phish, doing nothing is still a huge liability. With the addition of this feature, users can learn to be secure and adapt their behavior more confidently. Positive reinforcement not only rewards good actions, it also helps simplify the ever-changing world of cybersecurity.
How does it work?
The Report a Phish button will be available in each of the assigned inboxes when using Outlook Web App (OWA) and Outlook Desktop App. By selecting Report Phishing, the user will have one of two experiences depending on the email that is being reported.
Phin Phishing Simulation
When a phishing simulation is reported, the email will be archived and the action will be recorded. To positively reinforce the use of this button, users will see a congratulations message and reminder to keep up the good work.
Suspicious Email
When a suspicious email is identified and reported, it is forwarded directly to their MSP and cleaned up from their inbox all at once!
Reported Emails (Non-Simulation)
The forwarded emails are sent as an EML file attachment with a message from Phin, indicating that the user reported it as phishing. These files can be analyzed manually by opening the attachment(s) or through another tool.
How does this relate to my SAT program?
When a user reports a phishing simulation, that positive behavior is tracked in Phin's Admin Portal. Our Phishing Analytics page and automated reports will include insights at the user and company levels to give you clarity on program performance.
Phishing Analytics
Reported Phishes metrics will be available in the User Analytics pages, as well as the User View in your Phishing > Analytics page.
Automated Reported
Reported Phishes metrics will be available in the Performance Reports, Users to Watch tables, and Historical Data table.
You can learn more about reporting and analytics here.
How do I set it up?
Before proceeding, please check to see if your instance meets the necessary requirements set forth by Microsoft.
Also, the new Outlook client does not support add-ins outside of the primary account due to limitations with their latest design.
Step1: Phin Admin Portal
- Go to Phin Admin Portal
- Go to Company
- Go to Integrations page
- Select Report a Phish
- Select Continue to Microsoft to sign-in and grant access
- Configure your Report a Phish settings
- Download the manifest to upload in your Microsoft account
Step 2: Microsoft Admin Portal
- Go to Microsoft Admin Portal
- Go to Settings > Integrated Apps
- Select Upload Custom apps
- Select Office Add-in App type
- Choose Upload manifest file (.xml) from device and select downloaded file from Phin
- Assign users
- Deploy Phin’s phishing button!
Note: It can take up to 24 hours for an add-in to show up for clients for all users.
Note: This feature can be deployed in Outlook Web App (OWA) and Outlook Desktop Apps, however, it is not currently compatible with the following scenarios
- Outlook Mobile App
- Shared Inboxes
Note: Mac users may need to adjust their toolbar to view the integration.-png-1.png?width=688&height=261&name=image%20(2)-png-1.png)
Knowledge Base
Thanks for using our product!
We use all provided feedback to help drive Phin's development direction. Please keep reaching out and helping us shape the product's future! All ideas are welcome; please keep them coming!
The Content Team @ Phin
Need help or have an idea for us? Click here!