Knowledge Hub Add a Phishing Reporting Shortcut to Outlook

Add a Phishing Reporting Shortcut to Outlook

Outlook Logo with email and fish graphic
Outlook Logo with email and fish graphic

An add-in is available for Classic Outlook to help you with reporting any suspicious emails that land in your inbox.

It only takes a few minutes to install the add-in.

Outlook Phishing Reporting Add-In

Traditional Outlook:

In your Outlook, head to the ‘All Apps’ button in your ‘Home’ toolbar. Then ‘Add Apps’.

Traditional Outlook All AppsTraditional Outlook Add Apps

Search for the ‘Report Phishing’ add-in using the search bar, and open the app by clicking on the search result.

You will then see the add-in in your Outlook Home menu. Note: it can take up to 12 hours for the add-in to appear.

New Outlook:

In New Outlook, click on ‘More apps’ in your toolbar.

New Outlook More Apps Button

A menu will appear. You may see the Report Phishing add-in here, or you can 🔍search or ‘Add apps+’ to find and install the add-in.

New Outlook Add Apps

Adding the NCSC’s SERS to the Phishing Add-In

Did you know that if you receive an email that you believe is a phishing email, you can report it to a Suspicious Email Reporting Service (SERS)? The National Cyber Security Centre (NCSC) runs this service. This service can now be added to the Outlook add-in. By doing this, the NCSC can analyse any emails and remove sites from malicious links.

To enable this on the add-in, you will need access and administration rights to your organisation’s Microsoft 365 Admin Center. If you would like Breakwater to enable this add-in function for you, please raise a ticket in the Breakwater Hub.

Here’s how to do it yourself:
  1. Log into the Microsoft 365 Admin Center
  2. Navigate to the Exchange Admin Center
  3. From here navigate to Mail Flow -> Rules
  4. Click the Create New Rule button
    A ‘New Rule’ window is displayed
  5. Enter a name for your rule Report Phishing to SERS
  6. Set Apply this rule if to the recipient is phish@office365.microsoft.com
    If you want to see what emails your users are reporting, you can also enter the email address of an email account you manage
  7. Set Do the following to Bcc the message to report@phishing.gov.uk
  8. Click the Save button
    The rule is added. All emails flagged using the Report Phishing button will be routed to the NCSC’s SERS

Please note these steps only applied to Classic Outlook.

Laptop graphic with fishing rod and red fish

How to Recognise Phishing Attacks

For more information on how to recognise phishing attacks, read, watch, or download our free guide.

Latest Guides

Microsoft 365 Monthly Feature Update. Microsoft Logo.
Microsoft 365 Monthly Feature Update
Check out our top Microsoft 365 feature releases each month.
Read more
The New Outlook Logo on top of the Classic Outlook Logo
New vs Classic Outlook – What’s the Difference?
Read or watch our summary of the key differences.
Read more
Graphic of a document with AI Policy as the header.
Writing Your AI Policy
AI isn't going anywhere. Read our top recommendations to include in your AI policy.
Read more