Report phishing extension for Wizer

This article describes how the extension works.

After you deploy the extension for yourself or your users via the instructions below, it will appear in the sidebar, depending on which email client you use:

[Screenshots: Google Workspace, Office 365]

After the extension is deployed, users will have the opportunity to report suspicious emails using the app.

The screenshots below show how the reporting process works:

Once you have chosen a suspicious email that you would like to report, press the extension button (the 'hook') and the following will appear:

Clicking on "Report Phishing" will result in the following dialogue window:

Note that the verbiage above indicates that the reported message was a "Phishing Simulation" email sent by Wizer (referred to below as a Wizer email).

When your users report an email that was not sent by Wizer (further referenced as a non-Wizer email), the verbiage will differ:

The extension works in Google Workspace (GW) in the same manner.
Choose a suspicious email to report.
Press the extension button.
One message is presented when a Wizer email is reported.
If a non-Wizer email is reported, you will see a different message.



Side notes and answers to frequently asked questions about the extension


1. Only Wizer (phishing simulation) emails will increment the 'reported' stats in the simulation analytics.

The reported Wizer emails will not be forwarded to the email that is set in the Report to Email field in the admin console.

2. Non-Wizer emails that are reported by your users will be forwarded to the email that is set in the Report to Email field in the admin console from the address of the user who reports it:

If you are an admin or the owner of the address entered in the above field, the reported email will be forwarded to you from the address of the user who reported it, with the reported email as an attachment.
The below screenshot illustrates the received email:


3. Only existing users (who can be found in the user list in the admin panel) can use the extension to report suspicious emails.
Otherwise:
- the reported message will NOT be sent to the admin if a non-existing user reports a non-Wizer email via the extension.
- the extension will not react to clicks if a non-existing user attempts to report any email.

4. The extension is available for BOTH the Web and Desktop/App versions of Outlook.

*Note that it might take up to 6 hours for the extension to appear in Outlook after the deployment is finished. (It usually happens faster.)

5. In Google Workspace the extension is available for admin installation only. (Non-admin users will not be able to install it.)

6. The admin will receive a forwarded email containing the reporter's email address, the subject of the reported email, and the email reported as malicious as an attachment. The forwarded email is sent from:
- support@activephishingdomain.com (the active phishing domain will be used, so this may vary when the domain is switched) if this is a Wizer email
- the email address of the user who reported the message if this is a non-Wizer email.

7. If the recipients click on 'How to detect a phishing email?' the below video and tips will open.

8. The reported non-Wizer emails will be moved to the deleted items folder in the user's email account.

9. The extension is NOT supported on mobile email client versions.

10. After a user reports the phishing simulation via our extension, we collect an indication that it was reported, link this to the user's record on our end, and reflect it in the phishing campaign analytics.
For non-Wizer emails reported via our extension (potentially real phishing, or any other suspicious emails), we do not save any additional data about the email besides the fact that it was reported.
When a non-Wizer email is reported via our extension, it is forwarded to a secure mailbox that is configured in the Wizer admin panel in the ReportToEmail field. After it is forwarded, no further actions are taken on our end.

11. If a user reports an email as phishing using the Outlook or Gmail phishing button, it will not be shown in the phishing campaign results as reported. Users should use the Wizer Phishing Extension (the 'hook') for the results of the phishing campaign to be accurate.
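
Since no further action is taken after a non-Wizer report is forwarded (items 2, 6 and 10), triage of the Report to Email mailbox is up to the admin. The following is an added example, not Wizer's code, that classifies a forwarded report by its sender as item 6 describes and pulls basic indicators from the attached email. It assumes the reported email arrives as a message/rfc822 or .eml attachment (the page does not specify the format); the sample messages and addresses are constructed, and support@activephishingdomain.com is the page's own placeholder for the simulation sender.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def sample_report() -> bytes:
    """Constructed sample: a user report carrying the reported mail as an attachment."""
    orig = EmailMessage()
    orig["From"] = "IT Helpdesk <helpdesk@example.net>"
    orig["Reply-To"] = "helpdesk@example.org"
    orig["Subject"] = "Password expires today"
    orig["Authentication-Results"] = "mx.example.com; spf=fail; dkim=none"
    orig.set_content("Sign in at https://login.example.net/reset to keep access.")
    report = EmailMessage()
    report["From"] = "alice@example.com"      # the reporting user (non-Wizer case)
    report["Subject"] = "Password expires today"
    report.set_content("Reported via the extension.")
    report.add_attachment(orig)               # stored as a message/rfc822 part
    return report.as_bytes()

def reported_message(report):
    """Return the attached reported mail (message/rfc822 or a .eml file), else None."""
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
        if (part.get_filename() or "").lower().endswith(".eml"):
            return email.message_from_bytes(part.get_payload(decode=True), policy=policy.default)
    return None

def triage(raw: bytes, simulation_senders: set) -> dict:
    report = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(report["From"] or ""))[1].lower()
    inner = reported_message(report)
    out = {"forwarded_from": sender, "attached": inner is not None,
           "kind": "simulation" if sender in simulation_senders else "user_report"}
    if inner is None:
        return out                            # nothing attached: leave for manual review
    frm = parseaddr(str(inner["From"] or ""))[1].lower()
    rto = parseaddr(str(inner["Reply-To"] or ""))[1].lower()
    body = inner.get_body(preferencelist=("plain", "html"))
    urls = URL_RE.findall(body.get_content() if body else "")
    out.update(subject=str(inner["Subject"] or ""), from_addr=frm,
               reply_to_mismatch=bool(rto) and rto.split("@")[-1] != frm.split("@")[-1],
               auth_results=str(inner["Authentication-Results"] or ""),
               defanged_urls=[u.replace("http", "hxxp", 1).replace(".", "[.]") for u in urls])
    return out
```

Because the simulation sender changes whenever the active phishing domain is switched, the set passed as simulation_senders has to be kept current.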