Configuring Office 365's 'Report Phishing' add-in for Outlook to use SERS

How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using Office 365's 'Report Phishing' add-in for Outlook.


This guidance describes how to configure the Office 365 'Report Phishing' add-in for Outlook, so that users can report suspicious emails to the NCSC's Suspicious Email Reporting Service (SERS).


This guidance is aimed at system owners responsible for administering Office 365 within organisations. Once configured, users can quickly report emails that they suspect to be phishing attempts, using a single mouse-click.


In this guidance:

  • Installing the Office 365 'Report Phishing' add-in

  • Including the NCSC's SERS in the Report Phishing add-in

  • About the SERS

  • Sample documentation for internal staff

Installing the Office 365 'Report Phishing' add-in

Your organisation must be willing to accept Microsoft's terms of use before installing the Report Phishing add-in.

  1. Go to Microsoft AppSource and search for the Report Phishing add-in.

  2. Click the Get it now button.

  3. Follow the instructions to complete the installation.

Note:

It could take up to 12 hours for the add-in to appear in your organisation. Once it does, you can configure it to include the SERS service.


Including the NCSC's SERS in the Report Phishing add-in

1. Log into the Microsoft 365 Admin Center.

2. Navigate to the Exchange Admin Center.

3. From here navigate to Mail Flow -> Rules.

4. Click the Create New Rule button.

A ‘New Rule’ window is displayed.

5. Enter a name for your rule: Report Phishing to SERS.

6. Set Apply this rule if to The recipient is phish@office365.microsoft.com

If you want to see what emails your users are reporting, you can also enter the email address of an email account you manage.

7. Set Do the following to Bcc the message to report@phishing.gov.uk

8. Click the Save button.

The rule is added. All emails flagged using the Report Phishing button will be routed to the NCSC's SERS.
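
The same rule can be created and checked from Exchange Online PowerShell. This is an added example, not part of the original guidance; it assumes the ExchangeOnlineManagement module is installed and that the `-SentTo` parameter is the cmdlet equivalent of the 'The recipient is' condition chosen in step 6.

```powershell
# Added example: create the mail flow rule from steps 5-7, then verify it.
# Assumes the ExchangeOnlineManagement module and an account that is
# permitted to manage mail flow rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$RuleName   = 'Report Phishing to SERS'        # rule name from step 5
$ReportedTo = 'phish@office365.microsoft.com'  # recipient condition from step 6
$SersInbox  = 'report@phishing.gov.uk'         # Bcc target from step 7

# Look the rule up by name so that re-running the script does not
# create a second copy of it.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }

if (-not $rule) {
    # Assumption: -SentTo corresponds to "The recipient is" in the rule editor.
    New-TransportRule -Name $RuleName `
        -SentTo $ReportedTo `
        -BlindCopyTo $SersInbox `
        -Comments 'Copies user-reported phishing emails to the NCSC SERS' | Out-Null
    $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
}

# Verify the rule as stored: a rule that is disabled, left in audit mode,
# or edited to use a different address will not forward reports to SERS.
$problems = @()
if (-not $rule)                              { $problems += 'rule was not created' }
elseif ($rule.State -ne 'Enabled')           { $problems += "rule state is $($rule.State)" }
elseif ($rule.Mode -ne 'Enforce')            { $problems += "rule mode is $($rule.Mode)" }
if ($rule -and ($rule.SentTo -notcontains $ReportedTo)) {
    $problems += 'recipient condition does not match step 6'
}
if ($rule -and ($rule.BlindCopyTo -notcontains $SersInbox)) {
    $problems += 'Bcc action does not match step 7'
}

if ($problems.Count -eq 0) {
    Write-Output "OK: '$RuleName' is enabled and copies reports to $SersInbox"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}

Disconnect-ExchangeOnline -Confirm:$false
```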


About the SERS

The NCSC's Suspicious Email Reporting Service (SERS) enables the public to report suspicious emails by sending them to report@phishing.gov.uk. The SERS analyses the emails and, where they are found to contain links to malicious sites, seeks to remove those sites from the internet to prevent the harm from spreading.

  • Information provided to SERS is protected in the same way we protect our own confidential information; it is held securely, with strictly limited access.

  • We may share details with our law enforcement partners, such as the National Crime Agency and the City of London Police, to help identify investigation and mitigation opportunities.

  • The information we hold is exempt from Freedom of Information requests.

  • For further detail on how we handle information you send us, please see our Privacy Statement.

Sample documentation for internal staff

To help your staff use the Report Phishing add-in, we've produced some sample documentation that you may wish to modify and distribute.


We've made changes to Outlook, so that you can easily report phishing emails in your inbox. If you receive an email that you think is suspicious, select the message and click the new Report Phishing button.

  • If you're using the full Outlook program, the button appears in the main toolbar.

  • If you're using Outlook via a web browser, the button appears in the sidebar.


Once clicked, you'll be asked to confirm the submission.


By reporting suspicious emails, you will be helping to keep yourself, colleagues, and your organisation safe. Reported emails are submitted to Microsoft and to the National Cyber Security Centre (NCSC).

  • Microsoft uses these submissions to improve the effectiveness of email protection technologies.

  • The NCSC's Suspicious Email Reporting Service will analyse and take down any phishing attempts found within these emails.

Note:

If the Report Phishing button is not available, but you still wish to report a suspicious email to the Suspicious Email Reporting Service, you can do so by forwarding the email in question to report@phishing.gov.uk.


If you have any questions about this documentation, in the first instance please refer to your IT helpdesk.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.