In September 2019, the SMC IT Information Security Team implemented an advanced anti-phishing platform, Ironscales, that will help protect our mailboxes from real time phishing / malicious email attacks.
(To report phishing from older Notes Mail dbs, forward email to email@example.com - this only applies to old Lotus Notes mail dbs. Please follow steps below to report phishing within Microsoft Outlook email.)
You will see a new Report Phishing button on your toolbar in the Outlook client. Click this button for any suspicious email, whether you think it’s phishing or malware related. (Spam should still be reported as junk within the client.)
Ironscales will also alert you on incoming emails that it does not recognize. Unlike our current [External Email] banner, Ironscales is a lot smarter and will let you know why you should be careful with the marked email. You will see this type of banner a lot in the beginning as it learns who you normally communicate with. There is nothing you need to do, it will learn automatically.
Mobile and Web Outlook users will see something very similar. When you have an email open, just click on the three dots on the upper corner of the email. There will be an option to 'Mark as phishing.'
From this point forward, we ask that you use the button to report all suspicious emails via this new tool.
How does this help SMC?
In the background, if enough diligent users mark an email as suspicious Ironscales will actively pull that same email from everyone’s inbox. It can then determine if it’s safe or not. If it is, it will be redelivered to all inboxes.
What is Phishing?
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
What is the difference between Phishing emails and spam emails?
Spam is unsolicited email, often of a commercial nature while phishing emails are sent to fraudulently obtain sensitive information with malicious intent.
What am I expected to do?
This button will allow you to report an email that you find suspicious directly from your email account to the security team. If you are unsure whether the email you received is suspicious or unsafe, please report it! We will do the rest.
What happens when you report an email?
Our security team will review your report and classify it. We then use tools and resources to make the determination of whether it is a bad email or not. You will get an email notification regarding your report’s status.