Setting up Phish911 to report phishing

Overview

Phish911™ is a powerful feature in Graphus that allows recipients to report phishing/suspicious emails to their IT department (or SOC) for review and follow-up action, and to quarantine those emails instantly. It helps organizations act swiftly on these emails.

Prerequisite

A dedicated inbox is required for this feature. Depending on how the feature is configured, recipients will forward suspicious emails or use Outlook buttons to report suspicious emails to this inbox. This inbox should not be used for regular email communication. We suggest that a new inbox be created for this purpose (e.g., reportphish@<your-org-domain.com> or phishingreport@<your-org-domain.com>). Also, do not use an alias or a group email address for this inbox.
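For Microsoft 365 tenants, the following added example (not part of the Graphus documentation or product) checks that a candidate address is a real mailbox and its primary address, rather than a group or an alias. It assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session; the function name Test-ReportingMailbox and the sample address are hypothetical, and accepting both user and shared mailboxes is an assumption.

```powershell
# Added example: run after Connect-ExchangeOnline (ExchangeOnlineManagement module).
# Test-ReportingMailbox is a hypothetical helper name, not a Graphus or Microsoft cmdlet.
function Test-ReportingMailbox {
    param([Parameter(Mandatory)][string]$Address)

    $recipient = Get-Recipient -Identity $Address -ErrorAction SilentlyContinue
    if (-not $recipient) {
        return [pscustomobject]@{
            Address = $Address; Ok = $false
            Reason  = 'No recipient found for this address'
        }
    }

    # Assumption: only user and shared mailboxes count as a dedicated inbox.
    $type      = [string]$recipient.RecipientTypeDetails
    $primary   = [string]$recipient.PrimarySmtpAddress
    $isMailbox = $type -in @('UserMailbox', 'SharedMailbox')
    $isPrimary = $primary -eq $Address   # -eq is case-insensitive for strings

    if (-not $isMailbox) {
        # Distribution lists, Microsoft 365 groups, contacts and so on land here.
        $reason = "Address resolves to '$type', not a mailbox"
    }
    elseif (-not $isPrimary) {
        # The address exists only as a proxy address on another mailbox.
        $reason = "Address is an alias of '$primary'"
    }
    else {
        $reason = 'Dedicated mailbox with matching primary address'
    }

    [pscustomobject]@{
        Address = $Address
        Ok      = ($isMailbox -and $isPrimary)
        Type    = $type
        Primary = $primary
        Reason  = $reason
    }
}

# Placeholder address; replace with the inbox you plan to enter in Graphus.
Test-ReportingMailbox -Address 'reportphish@your-org-domain.com' | Format-List
```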

Types

There are three ways the admin can set up this feature. The admin should communicate the type of remedial action selected to the recipient.

Option 1: Graphus

With the Graphus option, the recipient can simply forward the suspicious phishing email to the dedicated configured mailbox.

Option 2: Phishing Awareness Training

If the admin selects the Phishing Awareness Training option, the recipient can click the special purpose button within an email to report it as suspicious. The email is then sent automatically to the dedicated email inbox. The admin configures the special purpose button. As such, any label can be given to it.

Option 3: Microsoft 365 Report Phishing

The Microsoft 365 Report Phishing option requires the admin to install and enable a Microsoft add-in. This allows recipients to click the special purpose button within a suspicious email from Microsoft Outlook or Outlook on the Web. The email is then sent automatically to the dedicated email inbox.

Setup

To start, log in as an admin and select the desired organization.

  1. Select Settings > Phish911™.
  2. Click the toggle to enable it.
  3. In the Type list, select the option that recipients will use to report phishing/suspicious emails.
  4. In the Email Address field, enter the email address of the dedicated inbox.

NOTE: If you select Phishing Awareness Training or Microsoft 365 Report Phishing, the email address will be the same as the one used for these services.

  5. Click Save.

Microsoft 365 Report Phishing

The Microsoft 365 Report Phishing option is designed specifically for Microsoft Outlook. The Microsoft add-in enables recipients to report suspicious emails in Microsoft Outlook or Outlook on the Web.

This is what the Report Message option looks like in Microsoft Outlook (client).

This is how the Report Message option appears in Outlook on the Web.

The Junk > Phishing dropdown in Outlook on the Web is another option to flag Phish911™ emails.

Once the recipient clicks the special purpose button to report an email as phishing, the recipient will see the following message. After the recipient clicks the Report button in the Report as Phishing modal, a Phish911 report will be generated in Graphus.

Setup

  1. Enable the Report Message or Report Phishing add-in. Follow the steps in the Microsoft article Enable the Microsoft Report Message or the Report Phishing add-ins.
  2. Configure a custom mailbox for Phish911™ emails in the Microsoft Security & Compliance module. The following steps are mandatory; otherwise, the Phish911™ report in Graphus will not be generated.
    1. Log into the Microsoft admin center with admin credentials.
    2. Go to User submissions - Security & Compliance.
    3. On the User reported settings page, in the Outlook section, select the check box Ask the user to confirm before reporting.
    4. In the Microsoft Teams section:
      1. In the Send reported messages to field, make a selection.
      2. In the Add an exchange online mailbox to send reported messages to field, enter a dedicated mailbox account. This should be the same email address configured on the Settings > Phish911™ page in Graphus.
    5. After configuration, it may take up to 12 hours for reporting functionality to appear in Microsoft Outlook or Outlook on the web. After 12 hours, restart the Outlook application.

End User Email Notification Template

After you activate the End User Email Notification Template in Outlook (client) or Outlook on the Web, Graphus recommends emailing end users about the release and explaining how to use the feature.

What Happens After an Email is Reported?

Regardless of the option configured to report a suspicious email, Graphus will immediately quarantine the email (move it to Trash/Deleted Items) for all recipients. Graphus will also send an email notification, shown below, to the reporter and all admins informing them about the report.

The reported email appears on the organization's Phish911 page. If Graphus determines an email is a phishing training email, the email will be listed on the Phishing Training tab. Emails that are not phishing training emails will be listed on the Reported as Phishing tab. Separating the phishing training emails allows you to focus on the other reported emails that may need detailed analysis.

An admin can investigate an email by clicking its Report Date link.