Overview
If you’re unable to use KillPhish to report an email—whether due to technical issues, device limitations, or personal preference—there are still ways to log reported actions in PhishingBox. This article outlines alternative methods for reporting phishing or suspicious emails while ensuring those actions are properly recorded in PhishingBox.
Microsoft's Built-in Reporting Button
If you'd like to use Microsoft’s Report Message button to report suspicious emails, you can configure it to forward those reports to a designated inbox that connects with PhishingBox. This allows reported simulated emails to be tracked in PhishingBox campaigns. Follow the steps below to set this up:
Step 1: Create a Reporting Mailbox
Create a mailbox in Microsoft 365 that will collect all reported emails (if one doesn't already exist).
Step 2: Configure User Reported Settings
- Go to User reported settings in the Microsoft 365 Security & Compliance Center.
- Under Reported message destinations, configure the following:
  - Send reported messages to: Select My reporting mailbox only
  - Choose the mailbox you created in Step 1
Step 3: Connect the Mailbox to PhishingBox
- Open the PhishingBox portal in an incognito window
- Go to Administration > Settings > Mail Settings > Security Inbox tab
- Click the Create button
- Set the Connection Type to Microsoft Entra ID and click Authorize
- Sign in using the mailbox created in Step 1
Once connected, PhishingBox will begin recording reported emails submitted through the Microsoft Report Message button.
Reporting via Forwarding
Targets can report suspicious emails by forwarding them to a designated reporter mailbox. To ensure PhishingBox logs when a simulated phishing email is reported this way, you’ll need to configure a Security Inbox.
To set this up, go to Administration > Settings > Mail Settings > Security Inboxes in the PhishingBox portal. Then, follow the instructions in the Security Inboxes section of the Mail Settings article to configure either an IMAP or Microsoft Entra ID inbox.
If you prefer not to have PhishingBox test emails show up in your primary Microsoft 365 reporter mailbox when using the forwarding method, you can CC a secondary mailbox instead. This way, test emails are logged by PhishingBox without cluttering your main reporting inbox.
To do this, add the following mail flow rule in Microsoft 365:
- For 'Apply this rule if', make the following selections:
  - The recipient
  - is this person and select your tenant's primary reporting address.
- Click the "+" icon to add an And condition
- For the 'And' condition, make the following selections:
  - The message headers...
  - includes any of these words and enter:
    - X-PHISHTEST
    - PhishingBox
- For 'Do the following', make the following selections:
  - Add recipients
  - to the Cc box and select the email address you want to copy the message to
- Click "Save"
NOTE: You may need to adjust this mail flow rule to align with the specific reporting needs of your environment. To ensure the rule functions properly, identify a consistent attribute in PhishingBox emails, such as message headers or sender IP addresses, that the rule can use to match and take appropriate action.
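The same mail flow rule can also be scripted in Exchange Online PowerShell. This is an added example, not PhishingBox's own code: the mailbox addresses and rule name are placeholders, and it assumes X-PHISHTEST is the header name and PhishingBox is the word matched in it. The rule is created in Audit mode so you can confirm what it matches before it starts copying mail.

```powershell
# Added example (not from PhishingBox). Requires the ExchangeOnlineManagement module.
# Placeholders: replace both addresses and the rule name with your own values.
$ReportingMailbox = 'phish-reports@example.com'      # tenant's primary reporting address
$CopyMailbox      = 'phishingbox-inbox@example.com'  # secondary mailbox to Cc
$RuleName         = 'Cc PhishingBox tests to secondary mailbox'  # hypothetical name

# Assumption: header name and match word as read from the rule steps above.
$HeaderName  = 'X-PHISHTEST'
$HeaderWords = @('PhishingBox')

Connect-ExchangeOnline -ShowBanner:$false

# Stop before touching any rule if either address does not resolve in the tenant.
foreach ($address in $ReportingMailbox, $CopyMailbox) {
    Get-Recipient -Identity $address -ErrorAction Stop | Out-Null
}

# Conditions and action, mapped one-to-one to the portal selections:
#   "The recipient is this person"                 -> SentTo
#   "The message headers includes any of these..." -> HeaderContainsMessageHeader / HeaderContainsWords
#   "Add recipients to the Cc box"                 -> CopyTo
$ruleSettings = @{
    SentTo                      = $ReportingMailbox
    HeaderContainsMessageHeader = $HeaderName
    HeaderContainsWords         = $HeaderWords
    CopyTo                      = $CopyMailbox
}

# Update the rule if it already exists so reruns do not create duplicates.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $RuleName @ruleSettings
} else {
    # Audit mode evaluates and logs matches without applying the Cc action.
    New-TransportRule -Name $RuleName -Mode Audit @ruleSettings `
        -Comments 'Copies PhishingBox test emails sent to the reporting mailbox'
}

# Show the resulting rule for review.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, SentTo, HeaderContainsMessageHeader, HeaderContainsWords, CopyTo
```

Once message trace shows the rule matching only PhishingBox test emails, switch it on with `Set-TransportRule -Identity $RuleName -Mode Enforce`.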
Manual Reporting
As a PhishingBox admin/user, you can manually log that a target reported a simulated phishing email. To do so, navigate to Tests / Campaigns > Manage Tests. Find the test you want to log a reported action for and click the test name (this opens the Test Details page). Scroll to the bottom. In the Emails tab, click the drop-down in the Actions column, then click "Log Report Action". This will log that the target reported the email.