How to automate JCSC’s Suspicious Email Reporting Service

This guidance explains how to configure the Office 365 ‘Report Phishing’ add-in for Outlook, so that users can report suspicious emails to JCSC’s Suspicious Email Reporting Service (SERS).

Note:

This guidance is aimed at system owners responsible for administering Office 365 within organisations. Once configured, users can quickly report emails that they suspect to be phishing attempts, using a single mouse-click.

JCSC’s SERS automatically shares reports with the Suspicious Email Reporting Service run by the UK’s National Cyber Security Centre (NCSC): you do not need to report to both. If you are based in the UK, you should use the NCSC service.

If you are based in Jersey, you should use this service. Using the Jersey service ensures we are able to analyse and respond to targeted attacks against Jersey and local industry.

The only configuration difference between the two services is the address to which suspicious emails are reported.


About JCSC’s Suspicious Email Reporting Service (SERS)

JCSC’s Suspicious Email Reporting Service (SERS) enables the public to report suspicious emails by sending them to phishing@jcsc.je.

We use phishing reports to:

  • identify and analyse trends in phishing activity
  • support threat intelligence
  • support our investigations into incidents

When you share a phishing email with us, the notification is automatically shared with the UK’s NCSC Suspicious Email Reporting Service. The NCSC analyses the emails and – if emails contain links to malicious sites – NCSC will seek to remove these sites from the internet so that the harm doesn’t spread.

If you have any questions about JCSC SERS and how we use your information, please contact hello@jcsc.je.

Please remember, this is an automated service. If you need our help with an incident, call us or email incidentreports@jcsc.je.

When you report an email via SERS:

  • All the information you provide is held securely, with strictly limited access.
  • We will share all SERS phishing reports with NCSC in the UK.
  • To help understand and reduce the prevalence of online fraud and cyber crime, we may also share information derived from phishing reports with local partners such as the Jersey Fraud Prevention Forum, the Financial Intelligence Unit, and States of Jersey Police.
  • NCSC may share details with their law enforcement partners, such as the National Crime Agency and the City of London Police, to help identify investigation and mitigation opportunities.
  • For more detail on how JCSC handles information you send us, please see our Privacy Policy.

Install the Office 365 ‘Report Phishing’ add-in

If you want to install the Office 365 ‘Report Phishing’ add-in you can follow the steps below. Please note that this add-in is only available for corporate or business versions of Office 365. The add-in is not currently available to Office 365 users with home or student licences. If you have an Office 365 home or student licence, you can manually forward your email to phishing@jcsc.je.

Your organisation must be willing to accept Microsoft’s terms of use before installing the Report Phishing add-in.

  • Go to the Microsoft AppSource and search for the Report Phishing add-in.
  • Click the Get it now button.
  • Follow the instructions to complete the installation.
  • It could take up to 12 hours for the add-in to appear in your organisation. Once it does, you can configure it to include the SERS service.

Include JCSC’s SERS in the Report Phishing add-in

Your organisation must be willing to accept Microsoft’s terms of use before installing the Report Phishing add-in.

  1. Log into the Microsoft 365 Admin Center.
  2. Navigate to the Exchange Admin Center.
  3. From here navigate to Mail Flow -> Rules.
  4. Click the Create New Rule button.
    • A ‘New Rule’ window will display.
  5. Enter a name for your rule: ‘Report Phishing to SERS’.
  6. Set ‘Apply this rule if’ to ‘The recipient is’ phish@office365.microsoft.com
    • If you want to see what emails your users are reporting, you can also enter the email address of an email account you manage.
  7. Set ‘Do the following’ to ‘Bcc the message to’ phishing@jcsc.je
    • If you previously reported to NCSC SERS, the legacy rule can be removed as JCSC will do this for you.
  8. Click the Save button.

The rule is added. All emails flagged using the Report Phishing button will now be routed to JCSC’s SERS.
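
The same rule can be created from Exchange Online PowerShell. The script below is an added example, not part of JCSC's guidance: it assumes the ExchangeOnlineManagement module is installed and that you sign in with an account permitted to manage mail flow rules, and the commented-out review mailbox address is hypothetical.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: scripted equivalent of steps 1-8 above (not JCSC's own code).

$RuleName    = 'Report Phishing to SERS'          # step 5: rule name
$AddInTarget = 'phish@office365.microsoft.com'    # step 6: "The recipient is"
$BccTargets  = @('phishing@jcsc.je')              # step 7: "Bcc the message to"
# Optional: also copy reports to a mailbox you manage (hypothetical address):
# $BccTargets += 'phish-review@example.org'

Connect-ExchangeOnline   # interactive sign-in as a mail flow administrator

# Create the rule, or bring an existing rule of the same name into line,
# so the script is safe to run more than once.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $RuleName -SentTo $AddInTarget -BlindCopyTo $BccTargets
} else {
    New-TransportRule -Name $RuleName -SentTo $AddInTarget -BlindCopyTo $BccTargets `
        -Comments 'Copies Report Phishing add-in submissions to JCSC SERS'
}

# Read the rule back and check that it is enabled and copies to SERS.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
$rule | Format-List Name, State, SentTo, BlindCopyTo

$bcc = @($rule.BlindCopyTo | ForEach-Object { "$_" })
if ($rule.State -ne 'Enabled') {
    Write-Warning "Rule '$RuleName' exists but is not enabled."
}
if ($bcc -notcontains 'phishing@jcsc.je') {
    Write-Warning "Rule '$RuleName' does not Bcc phishing@jcsc.je."
}

# List any other rules on the same condition, such as a legacy rule that
# reported directly to NCSC SERS, so you can decide whether to remove them.
Get-TransportRule |
    Where-Object { $_.Name -ne $RuleName -and
                   (@($_.SentTo | ForEach-Object { "$_" }) -contains $AddInTarget) } |
    Format-Table Name, State, BlindCopyTo -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

The final listing only reports other rules that match the add-in's address; it does not remove anything.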


Guidance for internal staff

To help your staff use the Report Phishing add-in, we’ve produced some sample guidance that you may wish to modify and distribute:

We’ve made changes to Outlook, so that you can easily report phishing emails in your inbox. If you receive any email that you suspect is suspicious, select the message and click the new Report Phishing button.

In Microsoft Outlook desktop:

If you’re using the full Outlook program, the button appears in the main toolbar.

A screengrab of Microsoft Outlook for desktop, showing the 'Report Phishing' button

In Microsoft Outlook for web:

If you’re using Outlook via a web browser, the button appears in the sidebar.

A screengrab of Microsoft Outlook for web showing the 'Report Phishing' button

Once clicked, you’ll be asked to confirm the submission:

A screengrab from Microsoft Outlook asking the user to confirm that they want to report phishing.

If the Report Phishing button is not available, but you still wish to report a suspicious email to the Suspicious Email Reporting Service, you can do so by forwarding the email in question to phishing@jcsc.je

By reporting suspicious emails, you will be helping to keep yourself, colleagues, and your organisation safe. Reported emails are submitted to Microsoft, Jersey Cyber Security Centre (JCSC), and to the UK National Cyber Security Centre (NCSC).

  • Microsoft uses these submissions to improve the effectiveness of email protection technologies.
  • JCSC will analyse the reports to help protect and defend Jersey from advanced threats, cyber crime and online fraud.
  • The NCSC will analyse and take down any malicious websites found within these emails.

If you have any questions about this documentation, in the first instance please refer to your IT helpdesk.