How does it work
Our report phishing button integration for Microsoft works by simply forwarding our simulation email to CybSafe to be included in your Reporting Stats.
It is important to note that only CybSafe's Phishing simulations will be counted and tracked in your reporting. We have unique identifiers in our emails to ensure they are only counted.
Any emails that are not our own simulation emails will be automatically deleted and will not be counted in your Reported statistics.
CybSafe Inbox Details
The generic inbound email address is firstname.lastname@example.org. The local-part of the email address is customisable to your organisation, it does not have to be called "report".
CybSafe recommends a simple email forwarding approach:
General Integration Guidelines
CybSafe can be used in conjunction with other phishing simulation tools’ “Report Email” feature.
The CybSafe inbound mailbox scans any forwarded emails for CybSafe phishing, and records the users who correctly identify our simulated phishing attempts.
The configuration of this feature can be tailored to suit the customer organisation’s needs.
The organisation is to use its native “Report Email” feature (mail client dependant), which must have the capability to forward reported emails to a custom email address.
If the internal report phishing process relies on individuals forwarding suspect emails to a group inbox, a simple auto-forwarding rule to the CybSafe inbox can be created.
For more information on how CybSafe sends phishing, please see: Advanced Simulated Phishing Information.
You can review our allow listing instructions here: How to add CybSafe to your Allow list.
SOC Simulated Attack Triage Advice
Use the following information for your SOC team to automate triage of our phishing simulation reports.
Information on adding CybSafe to your allow list: How to add CybSafe to your Allow list.
Fundamentals of how CybSafe’s Intelligent Phishing works: Advanced Simulated Phishing Information.
In addition to the whitelisting signatures, CybSafe emails always contain HTML with the following signature:
The HTML shown in BOLD will always be present, so email triage can be automated with a body search for “cs-unique-ref”.
Still have any questions?
If you still have any questions, you can contact the team at email@example.com and we will be happy to answer any further concerns.