Phish Report forwarded message
closed
Matthew Waddell
When an email is reported that is not a phishing test, it is configured to forward to our PSA as a ticket. However, the ticket details don't have any header information of the email. Our technicians are having to open the email and are concerned about doing so on their devices.
Could you add the original header information in the notification email to prevent the requirement to open a potentially hazardous email?
Autopilot
Merged in a post:
More Information on Forwarded Reported Phishing Attempts notification email
Andy P.
Hi, we have the Forward Reported Phishing Attempts set up to receive forwarded reports of phishing from their learners; currently these notifications only include a copy of the email, which will be a genuine Phishing email.
In the notification text that is sent with the attached Phishing email, please could the notification email text be updated to include:
- From address of the Phishing email
- Subject line of the Phishing email
- Received Date and time from Phishing email
This will enable us to locate the Phishing email in our email filtering platform without opening the Phishing email attached to the notification email as the Phishing email could be dangerous or contain malware.
Thanks,
Dima Kumets [Product Manager - Huntress]
marked this post as closed
We have the complete email including headers as an attachment from the report-a-phish button. We are not planning on duplicating the content inside the message in the email itself. If there are concerns about the safety of opening the message, I'd recommend either using some automation for pulling headers or changing the association of .eml files to open up in a text editor rather than an email.
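An added example of the "automation for pulling headers" option mentioned in the reply above; it is not part of the original thread and is not Huntress code. It assumes the notification carries the reported message as a `message/rfc822` part or a `.eml` attachment; the function names and the sample message are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

WANTED = ("From", "To", "Subject", "Date", "Message-ID")

def find_original(msg):
    """Return the reported message attached to a notification, or None."""
    for part in msg.walk():
        if part is msg:
            continue
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # embedded message object
        if (part.get_filename() or "").lower().endswith(".eml"):
            raw = part.get_payload(decode=True)  # attachment bytes, never rendered
            return BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
    return None

def triage_headers(raw_bytes):
    """Summarise the reported message's headers as text; no body is displayed."""
    outer = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    original = find_original(outer)
    if original is None:  # the file is already the original .eml
        original = outer
    summary = {h: str(original[h]) for h in WANTED if original[h] is not None}
    # Received lines show the delivery path; whitespace is normalised for tickets
    summary["Received"] = [" ".join(str(r).split()) for r in original.get_all("Received", [])]
    return summary

def build_sample():
    """Constructed notification with a constructed phish attached (not real data)."""
    phish = EmailMessage()
    phish["From"] = "Billing <billing@example.test>"
    phish["To"] = "learner@example.test"
    phish["Subject"] = "Invoice overdue"
    phish["Date"] = "Mon, 06 Jan 2025 10:00:00 +0000"
    phish["Received"] = "from mail.example.test by mx.example.test; Mon, 06 Jan 2025 10:00:01 +0000"
    phish.set_content("Pay now: http://example.test/pay")
    note = EmailMessage()
    note["From"] = "reports@example.test"
    note["Subject"] = "Reported phishing attempt"
    note.set_content("A learner reported the attached message.")
    note.add_attachment(phish)  # attached as message/rfc822
    return note.as_bytes()

if __name__ == "__main__":
    for key, value in triage_headers(build_sample()).items():
        print(f"{key}: {value}")
```

The summary can be written into the PSA ticket so the message can be located in the mail filter without opening the attachment in a mail client.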
John Hardwick
Dima Kumets [Product Manager - Huntress]
So just confirming -- what did you change, or just that none of these requests will be handled? I just compared an email from today with one from December and see no differences.
Rob Wolf
Dima Kumets [Product Manager - Huntress]
I don't think there was a successful deploy to Live. I'm still seeing all of the content inside the message in the email itself.
John Hardwick
Rob Wolf
Interesting, we had the "Attachment" in December, the same as we do today.
Dima Kumets [Product Manager - Huntress]
Are you looking to have this information in the body of the email or just the original eml (rather than forwarded email)?
Andy P.
Hi Dima Kumets [Product Manager - Huntress], if the original email could be attached to the alert in .eml or .msg format, that would work, please. Alternatively, if attaching the original email is not possible, then having the From Address, To Address and Email Body within the email alert would also be suitable, as this would provide us with enough information to track down the original email in our email filter.
Thanks,
Dima Kumets [Product Manager - Huntress]
marked this post as this quarter
We are going to be making this change later this quarter.
Rob Wolf
Dima Kumets [Product Manager - Huntress]
Hello. Just checking in here - will this be available soon?
Dima Kumets [Product Manager - Huntress]
Rob Wolf: We are now delivering the original message as an attachment that was picked up via API from the report-a-phish button. We have not duplicated content from inside the message.
Autopilot
Merged in a post:
Dee Dee Report a Phish button concern
Rob Wolf
When an email is reported via the Dee Dee Report a Phish button, it is configured to forward to a distro group for review. It loads as an *.eml file which to my organization seems like a security risk. We just need the header information of the email. Our technicians are having to open the email and are concerned about doing so on their devices. Could you add the original header information in the notification email to prevent the requirement to open a potentially hazardous email?
Autopilot
Merged in a post:
{SAT Feature Improvement} Report Phish Button - Include email header information
Matti Zayas
Ask: Include email header information in the notification sent from the Report Phish button. There is no way to parse out the sender and recipient email information that is received from the report phish button. In scenarios where PSA ticket integrations parse out the email header data for their support teams' use, this is not possible at this current time.
Outcome: Summarized report of the email header information included with a preview of the reported email