If you use Office 365 as an email solution you can add the National Cyber Security Centre (NCSC) suspicious email reporting service to be automatically notified when your users report a phishing email. Notifying the NCSC will enable them to analyse the suspect email and any websites it links to. They will use any additional information you’ve provided to look for and monitor the suspicious activity. If they discover an activity that they believe is malicious, they may:
- seek to block the address the email came from, so it can no longer send emails
- work with hosting companies to remove links to malicious websites
- raise awareness of commonly reported suspicious emails and methods used
This is a free public service which ensures that members of the public can report any phishing email from potential scammers, so that fraudulent activity can be prevented, and the public are kept safe.
The following guide will show you or your IT team how to configure Office 365 so that the Report Phishing button automatically sends a report to the Suspicious Email Reporting Service (SERS).
** Guidance Intended for Office 365 Administrators Only **
** IT Managers / System Administrators **
Currently the “Report Phishing” add-in is only available to corporate or business versions of O365. The add-in is not currently available to users with home, or student licences.
The add-in can be found by navigating to the Business Apps page and searching for “Report Phishing”. The add-in can be added using the one click install button.
Once the add-in has been added to your organisation, you will be required to include the SERS service on reports sent via the button.
1. Log in to the Microsoft 365 Admin Center -> Exchange Admin Center.
2. From here, navigate to Mail Flow -> Rules.
3. Click the ‘Create New Rule’ button. A ‘New Rule’ window will be displayed. Enter a name for your rule – “Report Phishing to SERS”
4. Apply this rule if -> The recipient is email@example.com
5. Do the following -> Bcc the message to firstname.lastname@example.org
6. Click the “Save” button
The rule should appear as:
The rule will be added. From now on, all emails reported using the “Report Phishing Add-in” will also be routed to SERS.
If you wish to see the emails that are being reported to our service, it is recommended that you add your own email address in addition to the SERS address in step 5.
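The same mail flow rule can also be created from Exchange Online PowerShell, which makes the change repeatable and easy to verify. This is an added example, not part of the original guide; it assumes the ExchangeOnlineManagement module is installed, and the admin account and the optional own-mailbox address are placeholders.

```powershell
# Added example: scripted equivalent of the mail flow rule steps above.
# Assumes the ExchangeOnlineManagement module is installed and that the
# account below (placeholder) is allowed to manage mail flow rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder

$RuleName      = 'Report Phishing to SERS'
# Addresses exactly as they appear in the rule steps of this guide.
$ReportMailbox = 'email@example.com'                # "The recipient is" condition
$SersAddress   = 'firstname.lastname@example.org'   # "Bcc the message to" action
# Optional: your own mailbox, so you can see what is reported (leave empty to skip).
$OwnMailbox    = ''

$BccTargets = @($SersAddress)
if ($OwnMailbox) { $BccTargets += $OwnMailbox }

# Look the rule up by name so a re-run updates it instead of failing on a duplicate.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $RuleName `
        -SentTo $ReportMailbox `
        -BlindCopyTo $BccTargets
} else {
    New-TransportRule -Name $RuleName `
        -SentTo $ReportMailbox `
        -BlindCopyTo $BccTargets `
        -Comments 'Copies Report Phishing add-in submissions to NCSC SERS'
}

# Verify the result: the rule must be enabled and carry every Bcc target.
$rule = Get-TransportRule -Identity $RuleName
$rule | Format-List Name, State, Mode, SentTo, BlindCopyTo
if ($rule.State -ne 'Enabled') {
    Write-Warning "Rule '$RuleName' exists but is not enabled."
}
$missing = $BccTargets | Where-Object { $rule.BlindCopyTo -notcontains $_ }
if ($missing) {
    Write-Warning "Bcc target(s) missing from rule: $($missing -join ', ')"
}

Disconnect-ExchangeOnline -Confirm:$false
```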
If you have any questions about this guide, please refer to your IT helpdesk.
How we handle the information you send to us
Information provided to the NCSC is protected in the same way we protect our own confidential information: It is held securely, with strictly limited access.
We may share details with our Law Enforcement partners, such as the National Crime Agency and the City of London Police, to help identify investigation and mitigation opportunities.
The information we hold is exempt from Freedom of Information requests.
For further detail on how we handle information you send us, please see our Privacy Statement.
Guidance to provide internal staff
Once the above has been implemented, you may wish to inform staff of the changes:
Changes have been made to Outlook. You will now either have access to, or see enhancements to, the “Report Phishing” button.
Email reported using this button will be submitted to Microsoft and to the NCSC Suspicious Email Reporting Service. Microsoft uses these submissions to improve the effectiveness of email protection technologies. The NCSC Suspicious Email Reporting Service will analyse and take down any phishing attempts found within these emails.
If you receive any email that looks to be a phishing email, please ensure you report it by using one of the following buttons. By reporting suspicious emails, you will be doing your part to keep yourself, your colleagues, and your organisation safe.
People who have the add-in assigned to them will see the following icons:
In Outlook, the icon looks like this:
In Outlook on the web, the icon looks like this:
Upon selecting ‘Report Phishing’, the user will be prompted to confirm that the selected email is phishing before the report is sent. Pressing ‘Report’ will send the report.
If the “Report Phishing” button is not available, but you still wish to report a suspicious email to the Suspicious Email Reporting Service, you can do so by forwarding the email in question to email@example.com