The Information Security Office will roll out to campus a phish reporting button that enables users to report phishing and spam messages with the click of a button. The ISO hopes that use of this Microsoft Office 365 functionality will lighten the load on the ITS Service Desk and Tier 2.
“After several simulated phishing campaigns, a review of reporting data, and checking phish.unc.edu web site statistics, it has become evident that the current method of reporting phish needs a more user-focused overhaul,” said Charlie Mewshaw, IT Security Specialist with the ISO.
At an unknown time recently, Microsoft Office 365 quietly deployed this functionality by which users can report phish and spam from the Windows desktop Outlook client through clicking a button.
Button is intuitive
“What’s been interesting is watching the numbers climb on its use though – more than 3,000 messages were reported across the enterprise during the 30-day window before we announced the incoming desktop button without any communication,” Mewshaw said. “That informs us that people will use a tool if its intuitive, and I believe that the phish reporting button is.”
When users click the button to report a message, the message is removed from view, analyzed, and then if it is determined to be phishing or spam, Outlook 365 searches the tenant for other instances of the message in other mailboxes and auto removes it.
Testing tool
The ISO is using ITS as a broader test base to gather feedback and create documentation. Next, the Information Security Liaisons will test the tool. Finally, the ISO plans to roll out the tool more broadly to desktop clients and educate and communicate with campus to use the phish reporting button.
While the ISO and ISLs are getting the word out, phish@unc.edu will run in tandem for a while with the button.
Neutralizing threats
“Perhaps most exciting from a technical perspective is the proactive neutralizing of threats where duplicates of a phishing attempt are spread across the enterprise,” Mewshaw said.
Both managed devices and personal devices in use by employees will be able to benefit so long as the user is leveraging one of their five allocated O365 installations.