Overview
This article describes the different ways PhishingBox allows your targets to report suspicious emails, and how to manage each method. To get started, navigate to Administration > Settings > Reporting Settings.
NOTE: The Microsoft Add-In (KillPhish) tab has settings for the KillPhish plugin. The Outlook Add-In tab has settings for the Report Phishing Outlook desktop plugin (aka COM add-in). These two plugins are NOT the same. Check out our KillPhish vs KillPhish Lite vs Report Phishing COM Add-in article to see a table comparison between our report button offerings.
General Reporting
The General Reporting tab is where you define your Reporter Email Address(es). The Reporter Email Address is the email address that receives the reported emails when your users report an email using the add-ins. You may allow additional mailboxes to receive copies of the reported emails by adding Additional Reporter Addresses.
NOTE: If you are using the Outlook Add-In (Report Phishing COM add-in), you will need to configure a Security Inbox connection on the Mail Settings page for the Additional Reporter Addresses to receive copies of reported emails.
When emails are reported by the Microsoft Add-In (KillPhish) and the Gmail Add-in (KillPhish Lite), all the defined Reporter Email Addresses will receive the EML file of the reported email (if you turn on the "Include Message Body as an Attachment in Reported Emails" setting). For emails reported by the Outlook Add-In, only the "Reporter Email Address" will receive the EML file (and not the Additional Reporter Addresses).
Microsoft Add-In (KillPhish)
The Microsoft Add-In (KillPhish) tab is where you can create and manage KillPhish instances. A Microsoft 365 license is required to use this reporting button. The KillPhish reporting button will appear on Outlook desktop, Outlook Web App (OWA), and the mobile applications for Outlook (iOS and Android).
NOTE: If you're NOT using Microsoft 365 but still use Outlook, you will need to use the Outlook Add-in.
- The "Manage KillPhish Instance" table is where you'll create and manage KillPhish instances. Configuring an instance allows you to generate a manifest file which will be used to import the KillPhish Add-In to your Microsoft 365 tenant.
- This section details the compatibility requirements and deployment instructions.
- The link found here will take you to the deprecated KillPhish Settings (this section only applies to those who created KillPhish instances prior to April 5, 2022).
For details on configuring and deploying a KillPhish instance, please see our Microsoft Add-In (KillPhish) article. For details on using the KillPhish button, please see our Using KillPhish Microsoft Add-in article.
Gmail Add-In (KillPhish Lite)
The Gmail Add-In (KillPhish Lite) tab is where you will customize your KillPhish Lite settings. KillPhish Lite is compatible with Gmail and can be installed from the Google Workspace Marketplace. KillPhish Lite allows users to report emails in Gmail. KillPhish Lite does not allow advanced scanning/scoring of emails, collection of header information, or a custom reported success message to be displayed after a user reports an email. Additionally, it cannot be white labeled (a custom branding name and icon cannot be set).
For details on configuring and deploying KillPhish Lite, please see our Gmail Add-In (KillPhish Lite) article. For details on using the KillPhish Lite button, please see our Using Gmail Add-In (KillPhish Lite) article.
Outlook Add-In
The Outlook Add-In tab contains settings for the Report Phishing add-in (also referred to as the COM add-in). The Report Phishing COM add-in is only compatible with the 64-bit Outlook app running on a 64-bit Windows machine. Unlike the Microsoft Add-In (KillPhish), a Microsoft 365 subscription is NOT required.
Advanced Threat Protection is NOT available for the Report Phishing desktop add-in. The only customizations available for the Report Phishing add-in are the ability to delete emails and the ability to display a reported confirmation message after the user reports a message. If "Delete Emails Reported" is turned on, then any email that a user reports will be deleted from the user's inbox.
The Report Phishing Outlook COM Add-In will log reported actions for phishing tests and send reported emails to the Reporter Email Address (which is configured in the General Reporting tab).
NOTE: If you deployed the Outlook COM Add-in prior to August 2, 2022, you will need to configure a Security Inbox (for the Reporter Email Address) to log reported actions in phishing tests. You can configure an IMAP/OAuth inbox on the Mail Settings > Security Inboxes tab.
For more information on the Report Phishing COM add-in, see our Outlook Add-In (Report Phishing COM Add-in) article.
NOTE: Outlook Add-In (Report Phishing add-in) and the KillPhish Add-In are not the same.