Keepnet Labs Phishing Outlook Add-in for Microsoft Outlook: Simplifying the Steps for Email Users to Report Suspicious Emails

Posted by: Orhan Sari | Category: outlook plugin | Post Date: April 3, 2018

Keepnet Labs Phishing Outlook add-in for Microsoft Outlook simplifies the steps for email users to report suspicious emails, such as phishing, to your company’s SOC team with a single click.

Keepnet Labs Phishing Outlook add-in works through a button in Outlook. It helps you easily report misclassified e-mail to the responsible people in your company and its affiliates for analysis, which helps improve the effectiveness of the e-mail protection technologies in use. When users suspect that an e-mail might be part of a phishing attack, or comes from spammers they want banned on the company’s email server, they can click the Suspicious E-mail Reporter button to forward the selected emails as attachments to a specially set-up email address. The security or IR staff can then analyze the email and, when necessary, blacklist the domain in the company’s spam blocker.

Phishing Reporter

Keepnet Labs Phishing outlook add-in turns everyone into active agents to detect phishing emails.

Keepnet Labs Phishing Outlook add-in applies security best practices to avoid delayed detection of threats. It turns every user into an active agent detecting suspected phishing emails. It automates the process of forwarding suspicious emails as attachments, keeping important email header information.

Keepnet Labs Phishing Outlook add-in allows notifications to be transferred to different platforms

  • A notification can be converted into an automatic help desk call.
  • It can be registered on a central register server.
  • It can give the user positive feedback for his/her conscious behaviour.
  • It is possible to get a detailed report of suspected emails.

Benefits of Keepnet Labs Phishing outlook add-in

Direct benefits to the email user:
  • Employees report aggressive attacks with a single click.
  • Early “Phishing” warnings are collected from users, creating a “sensor” network.
  • The user is notified of this correct action when the user clicks the “Report Phishing” (3) button in a simulated phishing security test.
  • It allows the user to send a suspicious e-mail to analysis services and get a risk score.
  • The institution’s security culture is strengthened.
  • Employees receive immediate feedback that enhances their training.
Benefits to the security operations centre (SOC):
  • Unwanted e-mails can be deleted from the user’s mailbox with information received from the command centre.
  • It reports which e-mail messages are in users’ mailboxes.
  • If the existing security measures are inadequate for analysis, detection and prevention, it gives the opportunity to benefit from the Keepnet Labs analysis service.

It provides more effective security measures through integration with third-party systems (SIEM, firewall, etc.).

Keepnet Labs Phishing outlook add-in

To run the phishing reporter add-in, make sure you have all prerequisites of Visual Studio 2010 Tools for Office Runtime.

Once you have logged in to the Keepnet Labs management interface, the Outlook Add-in menu helps you prepare custom plugins.

Setting up Keepnet Labs Phishing Outlook add-in

Keepnet Labs Outlook add-in is available in two versions, 32 bit and 64 bit. Both versions support unattended installation.

The following method can be used to set up the add-in with Group Policy over Active Directory. Depending on the version of the domain controller, the steps may differ. This article describes the procedure on a DC running the Windows 2012 R2 operating system. If you would like to follow the video description, you can follow it on YouTube by clicking here.

Prerequisites for the client:

  • Microsoft Visual Studio 2010 Tools for Office Runtime (x86 and x64)
  • Microsoft .NET Framework 4 Client Profile (Standalone Installer)

Firstly, the installation file (.msi extension) must be shared. Below is the shared folder that contains this file.

Sharing authority edit screen


The folder containing the installation file is shared with the desired group. In this example, the folder is shared with Everyone. It is recommended that the folder be shared with ‘Read’ permission only, so that it does not introduce security weaknesses (such as privilege escalation).

Sharing authorization screen

Open the Server Manager, click on Tools on the right side of the screen, then open the Group Policy Management Console.

Group policy manager access window

Then create a Group Policy Object (GPO) on the domain.

Group policy creation screen

Below is the Group Policy Object created with the name Keepnet Outlook Add-in.

GPO name identification

Then the group policy is edited and the corresponding installation file is added as a new package. Below is the display of this file being added to the policy.

The screen where MSI package is selected

Then you are asked how you want to distribute this file. The ‘Assigned’ option is selected. With this option, a computer in the domain will apply this policy on its first startup and will install the Keepnet Labs Outlook add-in.

Deployment Method

Then the new policy is applied to the systems with the ‘gpupdate’ command. When this policy is applied, computers may need to be restarted. In this case, restarted computers will have the Keepnet Labs Outlook add-in installed.

Running the gpupdate /force command

The following plug-in has been installed in the Outlook application. With the help of this add-in, employees can report a suspicious email and send it for analysis.

A thank you message appears when a user reports a suspicious email
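The ‘Read’-only recommendation for the shared folder matters because a package deployed with the ‘Assigned’ option is installed by the computer itself with system privileges, so anyone able to overwrite the .msi on the share decides what gets installed. The PowerShell check below is an added example, not Keepnet Labs code: `Test-DeploymentShareAccess` is a hypothetical helper, and the account names and sample permission entries are constructed for illustration.

```powershell
# Added example: audit who can modify the folder that holds the add-in .msi.
# Account names and the sample entries below are constructed for illustration.
$TrustedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                    'CONTOSO\Domain Admins')

# File-system rights that allow replacing or altering the package: Write, Delete,
# DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership, plus the raw
# GENERIC_WRITE and GENERIC_ALL bits that inherit-only entries may carry.
$WriteMask = 0x500D0156

function Test-DeploymentShareAccess {
    param(
        [Parameter(Mandatory)] [object[]] $ShareAccess,  # share-level entries
        [Parameter(Mandatory)] [object[]] $NtfsAccess    # folder ACL entries
    )
    foreach ($ace in $ShareAccess) {
        $who = [string]$ace.AccountName
        if ("$($ace.AccessControlType)" -eq 'Allow' -and
            "$($ace.AccessRight)" -ne 'Read' -and
            $TrustedWriters -notcontains $who) {
            "SHARE: $who has $($ace.AccessRight)"
        }
    }
    foreach ($ace in $NtfsAccess) {
        $who = [string]$ace.IdentityReference
        $rights = [int]$ace.FileSystemRights
        if ("$($ace.AccessControlType)" -eq 'Allow' -and
            ($rights -band $WriteMask) -ne 0 -and
            $TrustedWriters -notcontains $who) {
            "NTFS:  $who has $($ace.FileSystemRights)"
        }
    }
}

# Constructed entries shaped like the output of Get-SmbShareAccess and
# (Get-Acl <folder>).Access; on a real server pass those results instead.
$fsr = [System.Security.AccessControl.FileSystemRights]
$share = @(
    [pscustomobject]@{ AccountName = 'Everyone'; AccessControlType = 'Allow'; AccessRight = 'Change' }
)
$ntfs = @(
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; AccessControlType = 'Allow'; FileSystemRights = $fsr::FullControl }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Computers'; AccessControlType = 'Allow'; FileSystemRights = $fsr::ReadAndExecute }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Users'; AccessControlType = 'Allow'; FileSystemRights = $fsr::Modify }
)
Test-DeploymentShareAccess -ShareAccess $share -NtfsAccess $ntfs
```

Any line the function returns names a principal outside the trusted list that can change the package; an empty result means both the share and the folder ACL are read-only for everyone else.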
