14 DAY TRIAL // Josh Rickard, a security analyst at the University of Missouri, has developed a special add-in for Microsoft's Outlook email client that simplifies the steps needed to report spam or phishing campaigns to the proper persons in your company's security or incident response (IR) department.
The add-in works by adding a button to the Outlook ribbon UI. Users are supposed to select emails from their Outlook client, which they suspect might be part of a phishing attack, or just coming from spammers that they want banned on the company's email server.
Pressing the PhishReporter button will forward the selected emails as attachments to a specially set-up email address. Here, the security and IR staff can analyze the email, and if found to be malicious in nature, they can blacklist the domain in the company's spam blocker.
PhishReporter Add-In implements security best practices to avoid delayed detection of threats
The PhishReporter Outlook Add-In is the preferred way of reporting phishing emails because it automates the process of forwarding suspicious emails "as attachments," and by doing so preserving important email header information.
This operation is essential for security and IR staff because employees usually just forward the email, rewriting the original headers with their own.
The original phishing email header isn't lost since it remains in the user's client email, but IR teams usually have to contact the employee and teach him how to properly forward the email so they can analyze it. This makes security teams lose precious time, which is crucial since most phishing campaigns are most effective during their first hours.
The PhishReporter Outlook Add-In is available on GitHub. The project has no ties to a yet-unreleased project of the same name developed by KnowBe4.
The Add-In is part of a bigger toolkit
"The PhishReporter Outlook Add-In is a piece to a larger PhishReporter project I’ve been working on," Josh Rickard said in a statement for Softpedia.
"The other pieces are about rapidly reporting/e-mail hosting companies based on WHOIS/RDAP registration information, from the main IP Registrar’s, asking them to remove the site immediately. Previously, this was a manual process for many organizations," Rickard also noted.
"PhishReporter can also create a visual representation, for further analysis, using [the] Google Maps API [with data from] e-mail headers received via the Outlook Add-In or another source," said Rickard about his other project.
Just like the Outlook Add-In, the bigger PhishReporter project is available on GitHub.
