Admin Portal: Features tied to reporting real threats (phishing / spam)

Introduction

Hoxhunt add-in not only allows you to teach your employees to recognize and report simulated phishing emails, but also to fuel behavioral change to ensure your employees are reporting all suspicious emails they may come across in their Inbox.

 

Summary of features tied to reporting real threats 

There are a few settings you can enable when it comes to managing reported real threats:

Setting   Description   Notes

Forward emails reported as phishing to a designated inbox

 

Forward emails reported as phishing to a designated inbox (for example security@brand.com). The email is sent from the user's inbox, so they need to be able to send emails to the designated address.

 

Read more: Forwarding options and use cases

 

Forward emails reported as spam to a designated inbox

 

Forward emails reported as spam to a designated inbox (for example spam@brand.com). The email is sent from the user's inbox, so they need to be able to send emails to the designated address.

 

Read more: Forwarding options and use cases

 

Forward emails reported as phishing and spam to the same designated inbox

 

Forward all reported emails (phishing + spam) to the same inbox (for example security@brand.com). The email is sent from the user's inbox, so they need to be able to send emails to the designated address.

 

Read more: Forwarding options and use cases

 

Move email to Deleted Items folder after reporting it as phishing   Move email to Deleted items folder after reporting it as phishing  

Read more: Moving email out of inbox after reporting

 

Move email to Junk folder after reporting it as spam   Move email to Junk folder after reporting it as spam  

Read more: Moving email out of inbox after reporting

 

Mark email as Not spam   Mark email in spam folder as not spam  

Read more: (2021-06) Report emails in Junk folder as not spam

Upload reported emails to Hoxhunt   Upload reported emails to Hoxhunt platform in order to use Response Product and/or to access information in Threat Gallery and Hoxhunt Insights.   Read more: Upload emails to Hoxhunt

Integrate with Microsoft Defender

 

Create user submissions in Microsoft Defender when an email is reported. 

Move email to Deleted items folder after email is reported as phishing

Move email to Junk folder after email is reported as spam

(Not supported for shared or group mailboxes)

 

Read more: FEATURE: Upload reported threats to Microsoft (Defender Integration)

 

Retrieve Hoxhunt data through API

 

Retrieve data through the Hoxhunt API about threats reported by your employees.

 

Read more:

Admin Portal: Set up GraphQL API

Content limited to Hoxhunt customers

Enable Instant Feedback

 

Provide end user with Instant Feedback for reported suspicious email.

 

Read more:

Incident Response Platform 

 

Response: Instant Feedback

Content limited to Hoxhunt customers

Enable Incident Escalations

 

Enable Incident Escalations and gather reports from users who have acted on suspicious emails.

 

Read more:

Incident Response Platform 

 

Response: Incident Escalation

Content limited to Hoxhunt customers

Forwarding reported emails to a designated inbox

Hoxhunt can configure your reported real phishing and/or spam emails to be forwarded to your designated inbox. When your employee reports a suspicious email, they can choose to report it as phishing or spam.

Screenshot_2021-12-03_at_13.36.16.png

 

Forwarding options and use cases

You can flexibly configure the settings to fit your needs:

Setting   Use case
Only forward phishing emails to a designated inbox (ex. security@brand.com)   When you only want to review the emails reported as phishing to focus your efforts on the most high priority content.
Forward phishing emails to a designated inbox (ex. security@brand.com) and spam emails to another designated inbox (ex. spam@brand.com)   When you are concerned that your employees do not yet know the difference between phishing and spam and want to monitor everything that is being reported, in a manner where you can prioritize the emails reported as phishing.
Forward both emails reported as phishing and spam to the same designated inbox (ex. security@brand.com)  

When you are concerned that your employees do not yet know the difference between phishing and spam and want to monitor everything that is being reported. You also either have either an automated solution in place (such as Proofpoint TAP and TRAP) or the internal resources to analyze all reported emails in one place.

 

Moving email out of inbox after reporting

This feature is available to Exchange customers who have deployed Hoxhunt add-in via manifest.xml (version 1.0.0.2 or later) and wish to use the “remove threat after reporting” functionality.

NOTE: Removing threat emails and removing Hoxhunt simulation emails are two distinct functionalities. They are configured separately by your Onboarding Manager or Hoxhunt Support.

Read more:

FEATURE: Remove non-Hoxhunt emails after reporting
FEATURE: Remove Hoxhunt emails after reporting

Once the user has reported the email it can be moved out of their inbox in the following way:

  1. When user selects the Report as phishing option, a new view is displayed to inform the user that email will be moved to Deleted items folder after reporting is completed. After clicking the second Report as phishing button, the report is sent to Hoxhunt and/or predefined mailbox, and the email is moved to Deleted items folder.
  2. When a user selects the Report as spam option, the reported email is always moved to the Junk / Spam folder automatically and the sender will be added to the local Blocked senders list.

Upload emails to Hoxhunt

When a user reports an email as phishing it can be uploaded to Hoxhunt. The following use cases exist:

Setting   Use Case
Upload to Hoxhunt: Access information on when a user has acted on a phishing email   To be able to access information on if a user has reported that they acted on a threat, uploads to Hoxhunt must be enabled. This information can be viewed in the Threat Gallery.
Upload to Hoxhunt: Instant Feedback   If you have purchased Instant Feedback it is mandatory to upload to Hoxhunt for our system to be able to analyze the email and provide the user with feedback. Read more here: Response: Instant Feedback
Upload to Hoxhunt: Incident Escalations   If you have purchased Incident Escalations it is mandatory to upload to Hoxhunt for the email to be available in the Response Interface. Read more here: Response: Incident Escalation
Upload to Hoxhunt: Insights Reporting

 

If you want to access insights into reported real threats in Hoxhunt Insights Overview, you need to enable uploads to Hoxhunt.

If you would need more technical details about the Upload to Hoxhunt feature, please reach out to your Hoxhunt contact person.

Integrate with Microsoft Defender

Hoxhunt can integrate the reporting of real threats with Defender. Reported emails will create user submissions. Please note that the integration doesn't support reporting from shared or group mailboxes. Read more here: FEATURE: Upload reported threats to Microsoft (Defender Integration)

Questions?

If you have any questions about the settings available for reporting real threats, please don't hesitate to reach out to your Onboarding Manager, Customer Success Manager or our support team at support©hoxhunt.com 

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request