Reacting to phishing emails in a timely manner is critical in the world of Business Email.
Red Sift’s OnINBOX email 'Reporting and Remediation' function now gives end-users and admins the ability to react to phishing emails as they arrive in users' inboxes. Employees can report malicious emails from within their email interface which are then sent to the security team for further analysis. IT admins can then leverage the remediation function to not only remove current threats from all users’ mailboxes but also prevent similar threats from ever making it to the user’s inbox in the future.
Reporting a suspicious email as an end-user
In this example, one of our users has just received a suspicious message in which a request was made to follow a URL and fill out a form. Considering the nature of the request, the end-user decides to click the 'report' button so that their IT admin can review it.
After clicking the 'Report' button within the email, the user will be redirected to the OnINBOX user dashboard where they will be presented with the following window.
From here, the user will able to easily select the most relevant reason for reporting this email:
They will also have the option to submit more information by choosing from the tick box options or adding comments explaining why they decided to report this email.
After the user clicks 'Submit', a report will be sent to OnINBOX Manager letting them know that there are 'Unresolved Reports' that require their attention.
Unresolved User Reports
Now that the user has reported the email, it will be displayed within the 'Reports' section of OnINBOX Manager. From here the admin can decide how they would like to leverage the Remediation function to take action on this particular message.
The admin can click into any of the individual unresolved reports to get a detailed breakdown of the message that was reported.
The following details and options are available within the 'Report Information' for any specific user report.
The number of times the message was reported, and whether it was reported as a Threat, Spam, or a False positive.
A breakdown of the 'Threat Analysis' for the OnINBOX risk indicators.
A list of all users who have reported the email.
A 'Log' tab displays any remediation rules that have been created for the particular report.
A 'Notes' tab allows admins to add any notes related to the remediation choice.
A dropdown option for the admin to mark the report as Remediated, Unresolved, or False positive.
Remediating a reported message
The admin can go to the 'Remediation' tab within the Report Information window to decide what action to take for this particular message. They can choose to do one of the following from the 'Action' dropdown:
'Delete' will delete this email from the reporter's and all other recipients' inboxes.
Add to threat list
'Add to threat list' will add both the sender of this email and the sender’s domain to your organization’s threat list. This will result in all emails from this sender and this domain being marked with a red Trust indicator.
Add to trust list
'Add to trust list' will add both the sender of this email and the sender’s domain to your organization’s trust list. This will result in all emails from this sender and this domain being marked with a green Trust indicator.
'Email Reporter' will send an email to either the first reporter or all reporters about the outcome of the remediation.
In this case, the admin has selected the action 'Delete email', which will cause the following window to display. From here they can decide how to configure the remediation rule for this particular report. They can customize the following conditions:
This condition allows the admin to create a rule that will delete emails from the specific sender address AND/OR from the domain of the sender.
This condition allows the admin to create a rule that will delete emails based on the specific content that is included within an email.
This option allows the admin to create a rule that will let the users affected by this change know what they’ve done. You can either customize the email that is sent to the user or select from one of the default templates.
Here is an example of what a user receives when this option is set to 'Yes'
Classify the report as ‘Resolved’ or ‘Unresolved’
Once the admin clicks 'Create Rule' the window below will display a preview of any and all messages that will be deleted after the rule is 'Confirmed'
Add to Threat list
In this case, the admin has selected the action 'Add to Threat list', which will display the following window. From here they can decide whether to add just the 'Senders' address or the sending 'Domain' to the organization’s existing Threat list. This will result in all emails from this sender and this domain being marked with a red Trust indicator moving forward.
Add to Trust list
In this case, the admin has selected the action 'Add to Trust list', which will display the following window. From here they can decide whether to add just the 'Senders' address or the sending 'Domain' to the organization’s existing Trust list. This will result in all emails from this sender and this domain being marked with a green Trust indicator moving forward.
In this case, the admin has selected the action 'Email Reporter', which will display the following window. From here they can decide what they want to be sent in the email to the user(s) who reported the suspicious email, and whether to send an email to the first reporter or all reporters about the outcome of the remediation.
From the 'Resolved' tab within the User Reports section, admins can view all of the historical reports that have been remediated and view a detailed breakdown of the action that was taken for the particular report.
The 'History' section within the OnINBOX Manager will display the historical logs of any Remediation that has taken place.
The 'Manual' tab displays all of the messages that had action taken manually upon the initial creation of a Remediation rule.
The 'Automated' tab will display any and all messages that have subsequently had an action taken based upon rules that were already in place.
To find out more about the remediation feature please visit this link.
If you have any questions or need some help please use the Live Chat or contact us using the button below.