What you need to know
- A new add-in for Outlook helps people report suspicious emails to the UK's National Cyber Security Centre.
- The Report Phishing add-in is made by Microsoft and is available through Microsoft's AppSource website.
- Reported emails can be sent to Microsoft and the National Cyber Security Centre.
Microsoft Outlook has a new add-in that allows people to easily report suspicious emails to the UK's National Cyber Security Centre (NCSC) (via ZDNet). The Report Phishing add-in is made by Microsoft and is available through the company's AppSource website. Admins can set the Report Phishing add-in to send reports to Microsoft, the NCSC, or a security administrator.
While Outlook and Office 365 already have security measures in place, attackers can find ways around these. For example, Microsoft recently detailed a phishing campaign that used Morse code to bypass detection. That campaign — like many other phishing attacks — tries to trick people into downloading malware.
If an email manages to get to a recipient undetected, a person can report it to Microsoft and the NCSC, assuming that an admin has set the Report Phishing tool to include it.
The NCSC outlines how to include the NCSC's Suspicious Email Reporting Service (SERS) in the Report Phishing add-in.
Since its launch in April 2020, the NCSC's Suspicious Email Reporting Service has received over 6.6 million reports. It's removed over 97,500 URLs and 50,500 scams as of June 30, 2021.
The Report Phishing add-in is only available on corporate and business versions of Office 365.
If an organization can't set up the Report Phishing add-in on Outlook, people can still report suspicious emails to the NCSC by forwarding the email in question to report@phishing.gov.uk.
