How to Hook Hackers with Outlook’s New Phish Button


Phishing emails are, by far, the laziest form of hacking infiltration. There’s no skill required, just a duplicitous line and an infected link. Most phishing emails are doorknob rattling: they are sent to thousands of professionals checking their email to see who is distracted or vulnerable enough to click without thinking. Some phishing emails are targeted, and some are advanced and creepily personal. Most are clumsy, sent by bots and amateurs, but the links can still be dangerous even if the email is easily identifiable as a scam.

This is great news for today’s employers and teams. After all, spotting a phishing email is our best defense against the constant onslaught of infected scam emails that slip past the spam filter. In an environment where staff training and email drills are the leading anti-phishing tactics, Outlook has introduced something truly useful: the Phish Button.

Outlook’s New Phish Button Tool

The Phish Button answers the question “What do I do now?” once and for all. When employees see a phishing email, it’s common to freeze. Training says not to interact with the email, but it’s not always clear what the right response to being phished really is. Now, it’s out in the open. Outlook has made it possible to swiftly report a potential phishing email, forward the email to IT, and delete the email from the employee’s inbox in a single click.

Companies can now choose to activate the Phish Button on any Outlook for Windows email server. There are several obvious and not-so-clear benefits to Outlook’s new phish reporting system.

What the Outlook Phish Button Does

The phish button doesn’t just report an email, it initiates a process that simplifies reporting for employees, encourages future reporting, and integrates with your existing phish protection system. When an employee sees a suspicious email and taps the Phish button, it does three things in quick sequence.

  1. Forwards the Email to Designated Admins
    • The suspicious email is sent to the designated company inbox to be examined by the IT admins in charge.
  2. Deletes the Email from Employee Inbox
    • Team members don’t have to worry about phishing emails after they are reported. But if they want to see it again, it will be in their Trash folder.
  3. Congratulates Employee on Spotting a Drill or Real Phish
    • The program then checks to see if the email was sent by your cybersecurity drill team. If so, it congratulates employees on spotting the spoof.
    • If it’s not a spoof, they are thanked for staying vigilant and spotting the real deal.

Training Employees to Spot Phishing

The best way to optimize your phishing button is, of course, to teach your workforce how to identify phishing emails when they see them. Just like your spam filter can identify certain content patterns to screen, your team can learn to identify the cadences, tricks, and mistakes commonly seen in today’s phishing attempts.

Cybersecurity training is by far the most common approach to solving the phishing problem, and within a few days or weeks of the training, it can be a solution. But no seminar sticks in the mind without opportunities to use the new knowledge. For the millions of employees who have been trained to identify a phishing email and avoid clicking the link, the Phish Button creates an easy “next step” that at once reports the issue, provides recognition and encouragement, and gets the scam out of their inbox.

Integrating Your Cybersecurity Drills with the Phish Button

The final piece of the puzzle is the cybersecurity drilling system. How do you keep your staff on their toes and alert every day for the chance of phishing and worse? It can be tough to stay ever-vigilant, at least without practice. Drills give your team practice spotting the one in five hundred emails that will infect their computer and company network in a single absent-minded click.

Cybersecurity drills initiate fake cybersecurity attacks which challenge the team to remember their training and respond accordingly. Phishing drills are emails designed to look and sound like genuine phishing scam emails, including the “malicious” link. Employees are then challenged to spot these spoof phishing emails, identify them as phishing, and report them. The Phish Button makes that easier than ever, minimizing the steps needed for employees who may only have five seconds to spare.

Outlook now makes it possible to send out your phishing scam mailers to the staff and then recognize when they report it back to you as a scam. In fact, this is a great moment for your drilling team, and for your employee who won the ‘game’ of regular cybersecurity drills.

Handling the Real Phishing Emails

The Phish Button takes the worry about how to handle a scam email off the shoulders of the staff and back onto your IT or security team. What happens when you get back a Phish report that is a truly suspicious email not sent by the company? Investigate, black-list, and report. First, investigate in an isolated network environment whether the email is truly a malware risk or just clumsily written.

Next, black-list the sender domain and IP in case the same hacker tries another tack with your staff. Make sure that your company email and messaging filters disallow similar tactics from the same source. Then report the entire incident to the IC3, or Internet Crime Complaint Center. This is the official FBI-affiliated channel for submitting cyber crimes. While it may seem like a phishing email is hardly worth reporting, remember that the global blacklist helps to keep the entire industry safe and increases the chance that hidden hackers will be caught.
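
An added example, not from the original article or from Outlook: one way the IT team could triage a reported message, covering both the drill check and the black-list step described above. The header name `X-Phish-Drill-Id`, the issued drill IDs, the gateway name `mx.corp.example` and the sample message are all assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Hypothetical names: adapt to your own drill tooling and mail gateway.
DRILL_HEADER = "X-Phish-Drill-Id"
ISSUED_DRILL_IDS = {"Q1-007"}        # IDs your drill team actually sent
OUR_GATEWAY = "mx.corp.example"      # first server we control on the inbound path

# Constructed sample of a reported message (not real traffic).
SAMPLE = b"""\
Received: from mx.corp.example (10.0.0.5) by mbx01.corp.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.invoices-example.test (unknown [203.0.113.45]) by mx.corp.example; Mon, 1 Jan 2024 10:00:01 +0000
Received: from localhost ([198.51.100.7]) by mail.invoices-example.test; Mon, 1 Jan 2024 09:59:59 +0000
Return-Path: <bounce@invoices-example.test>
From: "Accounts Payable" <ap@corp-example.test>
Subject: Overdue invoice

Please review the attached invoice.
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def connecting_ip(msg):
    """IP that connected to our gateway; older hops are sender-controlled."""
    for hop in msg.get_all("Received", []):      # newest hop first
        m = re.search(r"\[([0-9a-fA-F.:]+)\].*?\bby\s+([^\s;]+)", str(hop), re.S)
        if m and m.group(2).lower() == OUR_GATEWAY:
            try:
                return str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                return None
    return None

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Match the ID against issued drills: the header alone can be forged.
    is_drill = str(msg[DRILL_HEADER] or "").strip() in ISSUED_DRILL_IDS
    return {
        "verdict": "drill" if is_drill else "investigate",
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "domain_mismatch": from_dom != env_dom,
        "block_ip": connecting_ip(msg),
    }
```

Only the `Received` line written by your own gateway is trusted for the block-list entry, since every hop recorded before it was supplied by the sender and can be fabricated.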

Integrating the Phish Button Into Your Outlook Client

If your business relies on Microsoft 365 and uses Outlook email, the Phishing Button is a handy addition to your cybersecurity drill routine and a quick way to report and remove any suspicious emails that make it through the filter. Installing the Phish Alert features is simple, though configuring your cybersecurity drills will require some setup to complete the integration.

If your team is ready to integrate the Phish Button into your Outlook business email configuration, contact us today!