Plugin Settings
Introduction
LUCY includes a "Phish Alert" plugin for various mail clients and browsers, enabling users to safely report suspicious emails with one click. The reported emails are analyzed by LUCY’s Threat Analyzer, enhancing the organization’s security by involving employees in proactive threat reporting.
The plugin has two main purposes:
Forwarding Suspicious Emails:
Users can forward emails to a predefined address (e.g., security team).
A custom message appears to the user post-reporting.
Reporting to LUCY:
Suspicious emails can be sent back to LUCY for analysis.
LUCY-generated emails are processed in campaign statistics.
Technical Details
The plugin is an unsigned MSI file programmed as a C++/COM object and bundled with Microsoft Visual C++ 2015 Redistributable. Loading time is around 10ms.
The Office 365 version always uses the system's built-in web browser to send data to LUCY.
Both the XML (Office 365) and MSI (Outlook) versions can utilize system proxy settings (if present) without additional setup.
Supported email clients
Office 365 (Desktop, Web, Mobile)
Outlook 2019 and up
Outlook for Mac 2019 and up
Gmail
Plugin Settings
Default Language
Set the plugin's default language.
Email
Add a list of emails to receive incident reports. Multiple emails can be separated by a semicolon (;).
Send reports over HTTP
If enabled, the plugin will send incident reports to LUCY over HTTP. If your Lucy domain has an SSL certificate, the report will be sent over HTTPS instead.
If this setting is not enabled, no incidents will appear in the Incidents Dashboard.
Phishing Incident Report Settings
Choose one:
Always receive simulation reports – All simulation reports sent to Lucy will be saved and included in the statistics.
Send report (update stats, don’t save) – The plugin sends the report to Lucy, Lucy updates the report statistics, and then discards the report without saving it.
Do not send report – The plugin will not send the report to Lucy at all, and statistics will not be updated. Only supported by the Outlook O365 plugin.
Enable MSI Plugin Authentication
You can optionally enable user authentication in your reporting workflow.
This option is not needed for most cases. Leave this setting disabled unless you know you need it.
Send reports over SMTP
If enabled, the plugin will send incident reports via SMTP to the list of emails defined in the Email setting above. If this setting is not enabled, no incident email reports will be sent.
Use SMTP for receiving incident reports
If enabled, incident reports will be sent to Lucy using SMTP.
To avoid duplicate incident reports, please select only one of the following methods: Send Reports over HTTP or Use SMTP for receiving incident reports.
When using Send reports over SMTP and Use SMTP for receiving incident reports together, LUCY will intercept all emails to the domains used for receiving the reports.
In other words, recipients on the same domains as the reporter emails will not receive any emails from LUCY.
Send phishing simulations over HTTP
If enabled, the plugin will forward simulation emails over HTTP(S). Use this option if you want to ignore simulation emails in your incidents dashboard, but still want the report to be included in campaign stats.
Use X-Headers in forwarded emails
If enabled, the plugin will add a header to the forwarded email:
X-CI-Report: True
It will also add this HTML to the body of the message:
<p>X-CI-Report: True</p>
Inline Message Forwarding
If enabled, the plugin will clear the body of the email before forwarding.
Deeper Analysis Request
If enabled, users will see a popup asking whether they want to request deeper analysis of the reported phishing email (supported only in O365 and MSI plugins).
Deeper Analysis Comment
If enabled, the plugin will add a comment field to the report UI. Only supported in the MSI plugin.
Send reported mail attachment in EML format
By default, emails are forwarded in .msg format. Enable this setting to forward them as .eml instead.
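The following is an added example, not LUCY's own code: a triage helper for the mailbox that receives forwarded reports, which checks for the X-CI-Report marker described under "Use X-Headers in forwarded emails" and extracts the reported mail when it arrives as an .eml attachment. It assumes the .eml is attached as a message/rfc822 part or as a file named *.eml; all addresses and the sample messages are constructed. Any sender can set this header, so the marker is only a routing hint.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Marker text as documented for "Use X-Headers in forwarded emails".
BODY_MARKER = re.compile(r"<p>\s*X-CI-Report:\s*True\s*</p>", re.IGNORECASE)


def triage_report(raw: bytes) -> dict:
    """Return marker hits and the reported mail's sender/subject for one mailbox message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    header_hit = str(msg.get("X-CI-Report", "")).strip().lower() == "true"
    # get_body() does not descend into attached messages, so a marker planted
    # in the reported mail's own HTML is not counted.
    html = msg.get_body(preferencelist=("html",))
    body_hit = html is not None and bool(BODY_MARKER.search(html.get_content()))
    original = None
    for part in msg.iter_attachments():
        if part.get_content_type() == "message/rfc822":  # assumed attachment type
            original = part.get_content()
        elif (part.get_filename() or "").lower().endswith(".eml"):
            original = email.message_from_bytes(
                part.get_payload(decode=True), policy=policy.default)
        if original is not None:
            break
    return {
        "plugin_report": header_hit or body_hit,
        "header_marker": header_hit,
        "body_marker": body_hit,
        "reported_from": str(original.get("From", "")) if original is not None else None,
        "reported_subject": str(original.get("Subject", "")) if original is not None else None,
    }


def build_sample(marked: bool) -> bytes:
    """Constructed sample: a forwarded report wrapping a fake phishing mail."""
    phish = EmailMessage()
    phish["From"] = "it-support@phish.example"
    phish["Subject"] = "Password expires today"
    # The reported mail's body carries the marker too; triage must ignore it.
    phish.set_content("<p>X-CI-Report: True</p><p>Click here</p>", subtype="html")
    report = EmailMessage()
    report["From"] = "employee@corp.example"
    if marked:
        report["X-CI-Report"] = "True"
    tag = "<p>X-CI-Report: True</p>" if marked else ""
    report.set_content("Forwarded report")
    report.add_alternative(f"<html><body>{tag}<p>See attachment.</p></body></html>", subtype="html")
    report.add_attachment(phish)
    return report.as_bytes()
```

Reports forwarded in the default .msg format are not parsed by this helper; it only reads the .eml form.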
Disable Autoresponder for Reports
If enabled, LUCY will not send any automatic response to reporters.
Actions for reported emails
When an email is reported, the plugin will do one of the following:
Delete the reported email.
Move reported email to a folder.
You can specify a folder with this setting, but the folder must already exist.
Move reported email to the Junk Folder.
Notify of expired incidents
Enable this setting to receive a notification if there are reports older than 30 days.
Anonymous simulation reporting
When enabled, all phishing simulation reports will be marked as anonymous. The reporter's email and message content will not be saved or displayed.
Anonymous simulation reporting is only available in Lucy version 5.6 and up.
Anonymous phishing reporting
When enabled, all real phishing reports (i.e., not simulations) will be marked as anonymous. The reporter's email and message content will not be saved or displayed.
Anonymous phishing reporting is only available in Lucy version 5.6 and up.
UI Settings
Configure these settings in the Language tab.
Language
Choose a language preset to configure the settings below for that specific language.
✅/✅/✅
Ribbon Label
The name of the area in the ribbon where the button appears.
✅/❌/❌
Success Message Body
The body of the message displayed after successfully reporting an email.
✅/✅/❌
Success Message Title
The title of the message displayed after successfully reporting an email.
✅/✅/❌
Success Message Button
The text displayed on the button after successfully reporting an email.
✅/✅/❌
Report Button Text
The text displayed on the report button.
✅/❌/❌
Report Button Sub-Text
The sub-text displayed on the report button.
✅/❌/❌
Report Title
The title of the message displayed after clicking the report button.
✅/✅/❌
Error Title
The title of the message displayed when any error occurs.
✅/✅/❌
Send Error Message
The message displayed when an issue with sending the report occurs.
✅/❌/❌
User Request Message
The message displayed after marking a suspected phishing email and clicking the report button.
✅/✅/❌
Deeper Analysis Request Message
The message displayed after clicking the report button for deeper analysis.
✅/✅/❌
Deeper Analysis Request Title
The title of the message displayed after clicking the report button for deeper analysis.
✅/✅/❌
Subject
The subject of the forwarded email message when sending a report over SMTP.
✅/❌/✅
For "Yes" Action
Set the action for "Yes" in the Deeper Analysis Request.
✅/✅/❌
For "No" Action
Set the action for "No" in the Deeper Analysis Request.
✅/✅/❌