outlook_plugin_phishing_incidents

Differences

This shows you the differences between two versions of the page.

outlook_plugin_phishing_incidents [2019/11/12 16:10] – [Using third-party plugin to report emails to LUCY] lucy
outlook_plugin_phishing_incidents [2020/04/27 11:32] – [Deployment on Apple Computer] lucy
Line 8: Line 8:
   * Outlook 2013   * Outlook 2013
   * Outlook 2016   * Outlook 2016
 +  * Outlook 2019
   * Office365   * Office365
   * Office for Mac 2016   * Office for Mac 2016
 +  * Office for Mac 2019
   * Gmail   * Gmail
  
Line 67: Line 69:
 ^ Setting Name ^ Description ^ Outlook (MSI) ^ Office365 (XML) ^ Gmail ^ ^ Setting Name ^ Description ^ Outlook (MSI) ^ Office365 (XML) ^ Gmail ^
 | Send Reports Over HTTP | Enable this option, if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (does not include emails from phishing simulations) and additionally add the statistical info about reported phishing emails to LUCY. |  +  |  +  |  +  | | Send Reports Over HTTP | Enable this option, if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (does not include emails from phishing simulations) and additionally add the statistical info about reported phishing emails to LUCY. |  +  |  +  |  +  |
 +| Never report phishing simulations| No reports will be sent over HTTP if user reports a simulation email generated by Lucy. So the plugin will send only "real phishing" emails over HTTP. |  +  |  +  |  -  |
 | Send Reports over SMTP | Enable this option, if you want to forward the mail to the predefined mail address via SMTP. If enabled, the plugin will send the report to the email you provided on the same page. That is supposed to be your own email or the email of your security team. Please do not use this method at the same time with HTTP to send reports to LUCY, if you do not want to have duplicated reports. Only pick one delivery method. |  +  |  +  |  +  | | Send Reports over SMTP | Enable this option, if you want to forward the mail to the predefined mail address via SMTP. If enabled, the plugin will send the report to the email you provided on the same page. That is supposed to be your own email or the email of your security team. Please do not use this method at the same time with HTTP to send reports to LUCY, if you do not want to have duplicated reports. Only pick one delivery method. |  +  |  +  |  +  |
 | Use SMTP for receiving incident reports on Lucy| if enabled, Lucy will suppose it has to intercept emails that plugin sends over SMTP, so it configures the local postfix accordingly. All emails received will be added to incidents. If you do not enable this, even if the email configured points to Lucy, nothing will happen - Lucy won't wait for reports over SMTP. This option requires that the first e-mail in the "Email" field should be the e-mail of Lucy postfix server |  +  |  +  |  +  | | Use SMTP for receiving incident reports on Lucy| if enabled, Lucy will suppose it has to intercept emails that plugin sends over SMTP, so it configures the local postfix accordingly. All emails received will be added to incidents. If you do not enable this, even if the email configured points to Lucy, nothing will happen - Lucy won't wait for reports over SMTP. This option requires that the first e-mail in the "Email" field should be the e-mail of Lucy postfix server |  +  |  +  |  +  |
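
Review bot: the new "Never report phishing simulations" row overlaps with the unchanged "Send Reports Over HTTP" row directly above it, which already says the copy sent to LUCY "does not include emails from phishing simulations". State what the new option changes beyond that, for example whether it also suppresses the statistical info for reported simulations, so an administrator can tell which reports still reach LUCY for each combination of the two settings. The new row also writes "Lucy" while the row it depends on writes "LUCY".
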
Line 74: Line 77:
 | Inline Message Forwarding | If true, the plugin will clear the body of the forwarded email when sending the report via SMTP. |  +  |  +  |  -  | | Inline Message Forwarding | If true, the plugin will clear the body of the forwarded email when sending the report via SMTP. |  +  |  +  |  -  |
 | Deeper Analysis Request | If true, the plugin will ask the user whether to request deeper analysis of the reported phishing mail. |  +  |  +  |  -  | | Deeper Analysis Request | If true, the plugin will ask the user whether to request deeper analysis of the reported phishing mail. |  +  |  +  |  -  |
 +| Enable Comment to Deeper Analysis Request | If Deeper Analysis Request is true, the plugin will offer to the user an additional text box where the user can type any comment to the deeper analysis request. Additionally the user can configure a custom text that will appear instead of "Yes" or "NO" labels on the buttons |  +  |  -  |  -  |
 | Send reported mail attachment in EML format | Reported email message will be sent as an *.eml attachment. |  +  |  +  |  +  | | Send reported mail attachment in EML format | Reported email message will be sent as an *.eml attachment. |  +  |  +  |  +  |
 | Disable Autoresponder for reports | If true, LUCY will not send an automatic email to a user as a reaction to report. |  +  |  +  |  +  | | Disable Autoresponder for reports | If true, LUCY will not send an automatic email to a user as a reaction to report. |  +  |  +  |  +  |
 +| Enable moving reported emails | If true, the plugin will move reported emails to the folder specified in "Move reported emails to" textbox instead of deleting the reported emails |  +  |  -  |  -  |
 | Notify of Expired Incidents | Check this to receive notification if there are reports older than 30 days. This notification will be delivered via email. |  +  |  +  |  +  | | Notify of Expired Incidents | Check this to receive notification if there are reports older than 30 days. This notification will be delivered via email. |  +  |  +  |  +  |
  
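
Review bot: in the new "Enable Comment to Deeper Analysis Request" row, "the user can configure a custom text" uses "user" for what reads as the person configuring the plugin, one sentence after "the user can type any comment", where it means the person reporting the mail; name the two roles separately. The same row quotes the button labels as "Yes" or "NO" with inconsistent capitalisation. In the "Enable moving reported emails" row, "instead of deleting the reported emails" is the only visible mention that reported mail is deleted by default, and the "Move reported emails to" textbox has no row of its own; document both, since they determine whether the original message remains in the mailbox after it is reported.
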
Line 145: Line 150:
  
 ===== Deployment on Apple Computer ===== ===== Deployment on Apple Computer =====
-Microsoft has "Office for Mac 2016" product, which requires the O365 account to run. When you open Outlook application on Mac, it fetches all plugins from the corresponding O365 account and shows them in the interface, so the plugin is available both in the web interface and on Mac. Therefore, you first need to install the plugin in O365 before you set it up on a MAC.+Microsoft has "Office for Mac" product, which requires the O365 account to run. When you open Outlook application on Mac, it fetches all plugins from the corresponding O365 account and shows them in the interface, so the plugin is available both in the web interface and on Mac. Therefore, you first need to install the plugin in O365 before you set it up on a MAC.
  
 Outlook 365 sequence: Outlook 365 sequence:
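
Review bot: the reworded sentence drops the version number but keeps the wording problems around it: "Microsoft has "Office for Mac" product" lacks an article, and the paragraph mixes "on Mac" with "on a MAC". Since this line is being touched anyway, use "Mac" consistently and write "the "Office for Mac" product".
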
Line 250: Line 255:
   * DNS BL queries to bl.spamcop.net and zen.spamhaus.org   * DNS BL queries to bl.spamcop.net and zen.spamhaus.org
   * CI Army (list) (http://cinsscore.com/) - Network security Block Lists.   * CI Army (list) (http://cinsscore.com/) - Network security Block Lists.
-  * Palevo Blocklists (https://palevotracker.abuse.ch/blocklists.php) - Botnet C&C blocklists. 
   * Cybercrime tracker (http://cybercrime-tracker.net/) -   * Cybercrime tracker (http://cybercrime-tracker.net/) -
  
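
Review bot: with the Palevo entry removed, the list now ends on "Cybercrime tracker (http://cybercrime-tracker.net/) -", which still carries a trailing "-" and no description, unlike the CI Army entry above it. Add the missing description or drop the dash in the same edit.
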
Line 314: Line 318:
 If you enable "send reports via SMTP" you cannot send emails to the same domain (e.g. "example.com") anymore: this setting will cause Lucy to intercept all your emails to "example.com" domain. If you remove the checkbox, then Lucy won't try to intercept emails for that domain and the feature will work as expected. Using "Send Reports Over SMTP" along with "Use SMTP for receiving incident reports on Lucy" is the other way to deliver phishing reports to Lucy. You can specify, for example, some custom email like lucy-phishing-reports@separatedomain.com as a primary email in Incidents settings, check both those checkboxes and point separatedomain.com MX records to Lucy. So all emails being sent to lucy-phishing-reports@separatedomain.com will be intercepted by Lucy, as well as emails sent from Outlook plugin - they will be added to "Incidents" page.  If you just want to receive a copy of incident report to your own email (yourname@example.com), that is not tied to Lucy, then you should keep "Use SMTP for receiving incident reports on Lucy" checkbox clear - in that case Lucy won't attempt to intercept anything and the plugin will just forward all reports to yourname@example.com. If you enable "send reports via SMTP" you cannot send emails to the same domain (e.g. "example.com") anymore: this setting will cause Lucy to intercept all your emails to "example.com" domain. If you remove the checkbox, then Lucy won't try to intercept emails for that domain and the feature will work as expected. Using "Send Reports Over SMTP" along with "Use SMTP for receiving incident reports on Lucy" is the other way to deliver phishing reports to Lucy. You can specify, for example, some custom email like lucy-phishing-reports@separatedomain.com as a primary email in Incidents settings, check both those checkboxes and point separatedomain.com MX records to Lucy. 
So all emails being sent to lucy-phishing-reports@separatedomain.com will be intercepted by Lucy, as well as emails sent from Outlook plugin - they will be added to "Incidents" page.  If you just want to receive a copy of incident report to your own email (yourname@example.com), that is not tied to Lucy, then you should keep "Use SMTP for receiving incident reports on Lucy" checkbox clear - in that case Lucy won't attempt to intercept anything and the plugin will just forward all reports to yourname@example.com.
  
-===== Using Your Own Plugin to Report Emails to LUCY =====+===== Using your own plugin to report emails to LUCY =====
  
 There is a possibility to use your own plugin to report emails to LUCY. There is a possibility to use your own plugin to report emails to LUCY.
 To do this you need: To do this you need:
-1. Configure your domain that is used for LUCY so that its MX records might point to LUCY +  - Configure your domain that is used for LUCY so that its MX records might point to LUCY 
-2. Configure an email address for receiving incident reports in Settings - Incidents Settings - Plugin Settings, this email address should use the domain configured on step 1. +  Configure an email address for receiving incident reports in Settings - Incidents Settings - Plugin Settings, this email address should use the domain configured on step 1. 
-3. Turn on check-boxes "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY"+  Turn on check-boxes "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY"
  
 After these steps are done you can forward any email as an attachment to the configured email address and LUCY will treat these emails as incident reports and display them on the "Incidents" page. After these steps are done you can forward any email as an attachment to the configured email address and LUCY will treat these emails as incident reports and display them on the "Incidents" page.
  
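
Review bot: in the converted list, only the first item carries the "-" marker as shown here; the second and third items ("Configure an email address ..." and "Turn on check-boxes ...") are indented without one, so they will not render as list items 2 and 3. The second item still refers to "the domain configured on step 1", which only reads correctly once the numbering renders. While editing the first item, "so that its MX records might point to LUCY" should say "point to LUCY", and it is worth repeating there what the paragraph above states: Lucy intercepts all mail for a domain whose MX records point to it, which is why that paragraph uses a separate domain for the report address.
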
outlook_plugin_phishing_incidents.txt · Last modified: 2021/09/24 13:18 by lucysecurity