O365 Phish Reporter Guide

This guide takes you through the user experience so you will know what to expect when using the O365 Phish Reporter and how to report a suspicious email.

The new version of Outlook doesn't automatically make the Phish Reporter add-in visible. Learner or the reporter needs to enable the Phish reporter add-in view in Outlook "Customise view" settings. This can be customised individually from their machine, to ensure that Phriendly Phishing Reporter button is visible.

Note: This is a limitation from Microsoft side for third party add-ins where "Customise view" settings cannot be pushed across the whole tenancy.

Instructions provided in this article are:

• How to set-up Phish Report button for OWA/Web Version and the new Outlook version
• How to report an email using Phish Reporter

How to set-up Phish Reporter button for OWA and the new Outlook version:

1. Access Outlook from your browser. 
2. Double click and open any email in a new window and select the three dots, per the screenshot below:
   
3. Click Customise actions, find and select the Phriendly Phishing button. 
   
   
   
4. Click Save. The add-in should appear after few hours, once the customised settings are synced across your user account.
5. The Phriendly Phishing add-in button should now be visible on all emails. Otherwise check for the Phish Reporter button in the App menu. 
   
   
   
6. To change settings, click the Phriendly Phishing add-in and click ‘Settings'.
   

7. Below are the two settings available. Note: Platform Administrators can limit the permissions to these settings, refer to Phish Reporter: Settings Configuration and Compatibility)
   
   
   

How to report an email using Phish Reporter button

1. Make sure the email you wish to report is highlighted in the preview pane, click the ‘Phriendly Phishing add-in’ and then click ‘Report phishing email'.

You also have the ability to report an email by selecting the ‘Three Dots’, scrolling down to find ‘Phriendly Phishing’, and then selecting ‘Report phishing email'.

2. You will see this message above the email.

3. If you have not ticked 'Do not show prompt after reporting', then you will be prompted with this message. Select 'Ok'.

4. This step will only happen the very first time you report an email. Click ‘Allow’ and log into with your Microsoft account. 

The add-in will ask for permissions – Click ‘Accept’.

Note:

• • • Global Administrator can accept these on behalf of the organizations and this might not be visible to users. 
    • Since the deployment of Nested App Authentication for Office Add-ins, the requirement to sign-in with your Microsoft Credentials frequently (e.g. note the first time reporting an email) is expected to significantly reduce. 

5. You will then get a confirmation that the email has been reported. Click ‘OK’. Note: Email in below pop-up message depends on how Phish Reporter custom message is configured. 

6. Phishing emails will now be moved into your deleted items and if you reported a Phriendly Phishing training email, it stays in the Inbox. If you reported an email by mistake you can retrieve it from there also.

Congratulations - You have now successfully reported an email! Repeat this process for any other suspicious-looking emails. Thanks!