Phishing is one of the more common forms of cyberattacks that cybercriminals use. These attacks most often take place over text, voice, or email messages. In the more high-effort messages, they typically pose as someone familiar to you. Your users can sometimes spot these fakes by taking a close look at the addresses, hovering over links, and checking to see where they lead. If it is supposed to be someone familiar, they should be encouraged to contact them first through another channel to see if it’s legit. In any case, they should inform their IT admin.
But what do you do with the message after that? Does your organization have an email to forward suspicious emails to or a report button built into your email client?
How do you report phishing attempts at your organization?
- Email
- Report button
- We don’t
- Report it directly
- Raise a ticket
37 Spice ups
For those of you that use a “button” - What software/service/plugin are you using?
2 Spice ups
wpheinle
(wpheinle)
3
We use KnowBe4’s Phish Alert Button. So far it has worked very well.
12 Spice ups
KnowBe4 for their PAB (Phish Alert Button) directly integrated into Outlook desktop, Outlook on the web, and Outlook mobile (they also have it for Gmail), plus our users occasionally directly report security concerns to me so that I can see it first-hand. Even better is that KB4 lets me set up the PAB so that those reported emails also get reported to Microsoft, e.g. spam goes to “junk[at]microsoft.com” and phishing goes to “phishing[at]microsoft.com” (the PAB offers three options for users to choose: phishing/suspicious, spam, and unknown).
Microsoft also has good tools integrated into Outlook, namely MS Defender for Office (P1 for users and P2 for SecOps / IT). Google has their own in Gmail, so it’s really just a matter of choosing what route to go, executing firmly, and educating end users.
12 Spice ups
We use Barracuda Email Security Gateway, which has a reporting engine built into their portal. Curiously, we seem to get a lot more “email / domain administrator” spam since moving from a physical box to their ESG…
3 Spice ups
shnool
(SHNOOL)
6
We use Microsoft “Report Message”; our other location uses Proofpoint, and they have “PhishAlarm”.
Both work well.
2 Spice ups
patti8216
(Patti8216)
7
All my users directly forward everything to IT. Usually from their phone because it’s too much effort to click and verify the TO address.
8 Spice ups
We use “KnowBe4”, honestly a good service. It can send out simulated phishing emails to users and make them go through a brief training course every time they click on one. It’s a simple button click at the top of an email and it goes directly to our phishing review inbox. It’s nice because realistically the more steps a user has to take to report something, the less likely they are to do it at all.
(I am not sponsored by them, I swear LOL)
7 Spice ups
Kenny8416
(Kenny8416)
9
We use KnowBe4 for training and phish testing the users - although recently we’ve been informed Edge blocks access to the links and doesn’t report back to compliance, which I need to check out.
For reporting real attempts we ask the users to raise a ticket in the helpdesk, which we can follow up with adding domain blocks at the spam filter and mail server level.
5 Spice ups
tekno-fobe
(Tekno_Fobe)
10
Report Button - KnowBe4 Phish Alert Button.
5 Spice ups
matthew1201
(Matthew1201)
11
We use KnowBe4’s Phish Alert Report button that integrates with Outlook.
5 Spice ups
Thanks for all the love on our Phish Alert Button everyone! When in doubt, PAB it out 
8 Spice ups
Lonny6654
(Lonny6654)
13
Microsoft’s Report phishing button.
3 Spice ups
Most (thankfully) gets caught in quarantine, where I review them and save some of them for future phishing test campaigns (monthly). Anything that gets through is forwarded to me, where I review and will block email domains and/or email addresses so that the next time they get caught in quarantine. We also aggressively block certain email attachment types so that we can review them before releasing them from quarantine. This creates extra work for us and a delay in delivery to users, but it seems to be worth it for the most part.
reenasun
(Reena)
15
We’re using the ‘Report Message’ add-on in 365.
2 Spice ups
reenasun
(Reena)
16
We have a report button in everyone’s Outlook that is pushed out automatically, and I include directions and info about it and the protocol in every new employee packet. We also accept the good old-fashioned ‘Forward the email to us’ method lol. Keep it simple, am I right?
When something is reported and is bad, I typically search the email system for emails like it that went to other mailboxes and stuff and investigate a little deeper and I take care of them from there. Report to Microsoft and delete from all user inboxes so another user doesn’t fall for it.
1 Spice up
chrisf7
(chrisf7)
18
That popular vendor button works well! We actually require phishing reporting as part of our policy now.
2 Spice ups
Appreciate the responses!
Do you find the test campaigns to be effective?
Absolutely! We get very few failures, and it’s less and less over time. It keeps people alert.
2 Spice ups