Product: Account Phishing Settings
Summary: We take a look at the Managed SAT Report Phishing Service and how you can use it to build a more fun and engaging security awareness training program.
What is Report Phishing?
The Managed SAT Report Phishing service is a new dimension in our simulated phishing training experience that allows Learners to report malicious emails sent by DeeDee, and Admins to identify who spotted the email and when.
With Report Phishing, your Learners are more involved in training and can fight back against DeeDee!
After a quick setup, your Learners can simply forward the email to phishing@yourdomain.com to receive credit for stopping DeeDee in her tracks.
How to Set up Report Phishing
Your Learners can get started right away by forwarding emails to report@phish.mycurricula.com, and the Managed SAT will recognize the phishing campaign as reported by the Learner.
If you're a Gsuite user, you can set up your own mailbox to capture and monitor phishing reports internally alongside Managed SAT by using a custom mailbox. Visit our Gsuite article for step-by-step setup instructions.
Notifications for Reported Phishing Attempts
For both Admins and Learners, notifications from reported Managed SAT phishing attempts will arrive from notifications@alerts.mycurricula.com.
When a Learner successfully reports a phishing attempt from DeeDee, they’ll receive an email with the subject line "Successfully reported phishing attempt!"
Admins will receive an email notification when the first phishing attempt has been reported. Similar to when DeeDee hacks a Learner, it will display how long it took for the first person to report a simulated phishing attack.
Reporting
When clicking the ‘Reports’ tab within the Managed SAT Admin dashboard, you’ll notice a data point titled ‘Reported Rate’ in the ‘Summary’ section.
When clicking the ‘Phishing’ tab within the Managed SAT dashboard, a 'Reported' column is available for all campaigns. Additionally, Reported Rate and Report Time can be found in the 'Summary' section of each campaign.
Within the ‘Reports’ tab, you can create a Custom Recipe for Phishing Reported rates as there is a condition titled ‘Reported’ available within the ‘Phishing Attempts’ dropdown.
FAQs
What if I report a phishing email after I click it?
- Phishing emails reported after a click will not register as reported! Your Learners must spot DeeDee’s email before they actually get caught.
What if I click a phishing email after I report it?
- This would not register as a click.
What if I report a phishing email more than 10 days after I received it?
- It will not register as reported. DeeDee’s phishing email must be reported within the 10-day timeframe that a phishing campaign is active.
Can I disable this functionality?
- Report Phishing is enabled and available to everyone by default. If you do not want your organization to utilize the Report Phishing service, you can continue with your regular use of the Managed SAT without following the above setup steps.
What do you do with emails we forward you?
- We temporarily store them for review before deleting them.
Will all phishing emails be available for reporting?
- Managed SAT will only recognize phishing attempts from DeeDee, but you can still utilize phishing@yourdomain.com to monitor all potential threats or forward them to report@phish.mycurricula.com.
What if someone forwards an email that is not a phishing attempt?
- The email will not be recognized by the Managed SAT reporting service and will be deleted unless our Forward Reported Phishing Attempts service has been set up.