Plugin Settings
Last updated
Last updated
Navigate to Settings -> Submitted Email Settings -> Plugin Settings
LUCY includes a "Phish Alert" plugin for various mail clients and browsers, enabling users to safely report suspicious emails with one click. The reported emails are analyzed by LUCY’s Threat Analyzer, enhancing the organization’s security by involving employees in proactive threat reporting.
The plugin has two main purposes:
Forwarding Suspicious Emails:
Users can forward emails to a predefined address (e.g., security team).
A appears to the user post-reporting.
Reporting to LUCY:
Suspicious emails can be sent back to LUCY for .
LUCY-generated emails are processed in campaign statistics.
The plugin is an unsigned MSI file programmed as a C++/COM object and bundled with Microsoft Visual C++ 2015 Redistributable. Loading time is around 10ms.
The Office 365 version always uses the system's built-in web browser to send data to LUCY.
Both the XML (Office 365) and MSI (Outlook) versions can utilize system proxy settings (if present) without additional setup.
Office 365 (Desktop, Web, Mobile)
Outlook 2016, 2019
Outlook for Mac (2016, 2019)
Gmail
Using "Send reports over SMTP" and "Use SMTP for receiving incident reports" will cause LUCY to intercept all emails to the reporter domain. In other words, recipients on the same domain as the reporter email will no longer receive any emails from LUCY.
| Category | Setting | Description |
|---|
| Category | Setting | Description | Outlook/O365/Gmail |
|---|
UI | Default Language | Set the plugin's default language. |
This setting defines the email address where suspected phishing emails are forwarded. Multiple email addresses can be used, separated by a semicolon symbol ( |
Inline Message Forwarding | If enabled, the plugin will clear the body of the email before forwarding. |
Deeper Analysis Request | If enabled, the plugin will ask the reporter if they'd like the security team to analyze the email. |
Deeper Analysis Comment | If enabled, the plugin will add a comment field to the report UI. |
Attachment Format | Reported message will be forwarded in |
Disable Autoresponder | If enabled, LUCY will not send any automatic response to reporters. |
HTTP | Send Reports Over HTTP | If enabled, the plugin will send incident reports to LUCY over HTTP(s). |
Never report simulations | If enabled, the plugin will not forward simulation emails over HTTP(s). |
Enable O365/MSI Plugin authentication | You can optionally enable user authentication in your reporting workflow. See here for more details. |
SMTP | Send reports over SMTP | If enabled, the plugin will send incident reports via SMTP. |
Use SMTP for receiving |
Never report simulations | If enabled, the plugin will not forward simulation emails over SMTP. |
Send simulations over HTTP | If enabled, the plugin will forward simulation emails over HTTP(s). Use this option if you want to ignore simulation emails in your incidents dashboard, but still want the report to be included in campaign stats. |
Use X-Headers | If enabled, the plugin will add a header to the forwarded email:
|
Actions | Delete reported email | Select this action and the plugin will delete the original message after reporting. |
Move reported email to folder | Select this action and the plugin will move the original message to the configured location after reporting. |
Move reported email to junk | Select this action and the plugin will move the original message to the user's junk folder after reporting. |
Notify of expired incidents | Enable this to receive email notifications about reports more than 30 days old that have not been categorized. |
UI | Language | Choose the language preset to configure it specifically for the needed language. |
Ribbon Label | The name of the area in the ribbon where the button appears. |
Success Message | Success Message Body | The body of the message displayed after successfully reporting an email. |
Success Message Title | The title of the message displayed after successfully reporting an email. |
Success Message Button | The text displayed on the button after successfully reporting an email. |
Success message body For <Software Name> Emails | The body of the message displayed after successfully reporting an email. |
Report Button | Report Button Text | The text displayed on the report button. |
Report Button Sub-Text | The sub-text displayed on the report button. |
Report Title | The title of the message displayed after clicking the report button. |
Errors | Error Title | The title of the message displayed when any error occurs. |
Send Error Message | The message displayed when an issue with sending the report occurs. |
Analysis Request | User Request Message | The message displayed after marking a suspected phishing email and clicking the report button. |
Deeper Analysis Request Message | The message displayed after clicking the report button for deeper analysis. |
Deeper Analysis Request Title | The title of the message displayed after clicking the report button for deeper analysis. |
Subject | The subject of the forwarded email message when sending a report over SMTP. |
For "Yes" Action | Set the action for "Yes" in the Deeper Analysis Request. |
For "No" Action | Set the action for "No" in the Deeper Analysis Request. |
//
//
//
//
//
//
//
//
//
//
//
//
//
//
//
//
//