You can manage your KillPhish add-in and Report Phishing COM add-in settings, view installation instructions, and download the manifest or MSI file from the Reporting Settings page. Navigate to Administration > Settings > Reporting Settings (or Inbox/Reporting Settings, if you have the Inbox module with your Portal subscription).
You will be presented with three different tabs, shown below. (You'll have an additional tab if you have the Inbox feature).
- Note: The Office 365 Add-In (KillPhish) tab has settings for the KillPhish plugin. The Outlook Add-In tab has settings for the Report Phishing Outlook desktop plugin (aka MSI plugin, COM add-in, or Report Phishing add-in). These two plugins are NOT the same. The Report Phishing plugin will only appear on the Outlook desktop app, and is available for non-Office 365 accounts; the KillPhish plugin will appear on desktop or web instances of Outlook and is only available for Office 365 accounts. The Report Phishing plugin is a simple "click and report" plugin. It does not have advanced scanning. The KillPhish plugin has scanning ability, which can be disabled (see Office 365 Add-In (KillPhish) below).
The Reporter Email Address is the email address that receives the reported emails when your users report a phishing email. You may allow additional inboxes to receive copies of the reported emails by adding Additional Reporter Addresses.
Office 365 Add-In (KillPhish)
The next tab, Office 365 Add-In (KillPhish), contains settings related to your KillPhish plugin.
The Advanced Threat Protection on/off switch, when turned on, will cause the emails to be scored. Additionally, information about the email (sender, SPF, links, attachments, words, and phrases) will be displayed, as shown below.
The Include Message Body in Reported Emails on/off switch lets you choose if you'd like the original message body of reported emails to be included when your users report emails. If you turn this toggle off, then the original message body is never sent to Portal servers and is not included in the reported email.
If Advanced Threat Protection is turned off, then only the helpful tips will be displayed. No score or risk assessment will be shown to the user, as shown below.
The Branding Name is what will appear as the name of the plugin on user's inboxes.
The Helpful Tips box allows you to create your own helpful tips that will appear on your user's instances of the KillPhish plugin. You are allowed to enter seven or fewer helpful tips. The helpful tips may not total more than 350 characters in length. Enter the helpful tips as plain text, each new tip on a new line. If you delete the helpful tips and do not enter anything in the text box, then Portal will place default helpful tips on the user's plugin.
The Branding Icon is the icon that will appear for the plugin (this is what user's will click to get the plugin to scan the email and allow them to report).
- Note: You will need to redeploy the manifest file in order for changes to the branding name or branding icon to appear on the KillPhish plugin. Changes to helpful tips and Advanced Threat Protection will display automatically without the need to redeploy the plugin.
Click on the Outlook Add-In tab to view settings for the Report Phishing plugin.
Advanced Threat Protection is not available for the Report Phishing desktop plugin. The Delete Emails Reported feature is only available for the Report Phishing plugin - not the KillPhish plugin. What Delete Emails Reported does is causes emails to be immediately deleted from the user's inbox when they report emails using the Report Phishing plugin. The Reported Confirmation is a message that the user receives when he/she reports an email.