Reporting Suspicious Emails (Phishing), Other Suspicious Messages, and Unwanted Emails (SPAM)
Your first instinct may be to ignore or delete unwanted or suspicious messages, but we urge you to use the information below to determine the proper classification and treatment for your scenario. These classifications align with the relevant threat level to Edifecs security.
I clicked on a link, downloaded or opened a suspicious file, responded to a suspicious email or text, and/or provided information. What do I do now?
Immediately report this to IT.Ticket@edifecs.com and copy security@edifecs.com. Please include the original email or text as an attachment along with any details you provided and the name of the device you were using (Edifecs laptop, workstation, or personal mobile device). The device may need to be quarantined from the network. Once the message has been reported, please permanently delete it from your email and/or device.
I haven't taken any action yet. How do I send a suspicious email to IT and the security team for review?
Edifecs is using PhishER from KnowBe4 to report and analyze phishing emails. There are two ways to report suspicious emails and both are explained below:
1-PAB
The “Phish Alert Button”, or “PAB”, is located in your Outlook tray. Simply highlight/select the email you want to report and click the PAB. This will automatically send the suspicious email to Edifecs’ email scanning tool, PhishER, and move the email to your Trash folder.
Windows Outlook Client
Mac Outlook Client
Outlook.Office.com O365
If you use Outlook online, you will need to add the Phish Alert button by customizing your Outlook settings. Go to the gear at the top of the page and then select “View all Outlook settings” at the bottom of the pop-out on the right-hand side.
This will open the Settings window. From here, you will go to Mail > Customize actions > Message Surface and check the Phish Alert box as shown below.
After making the above customization in your Online Outlook settings, you will be able to see the Phish Alert button on a message you are reading either in your email preview window or if you open the email.
The PAB makes “phighting the phish” as easy as a click of the button! PhishER will evaluate the email and provide a return email response of “Clean”, “Threat”, “Spam” or “Unknown”. Details related to each classification provided by PhishER are below:
Clean: The email that was reported to PhishER was classified as clean. A clean classification means that the scanning performed by PhishER revealed that the content, including any links and/or attachments, has not been identified as malicious and meets the specified threshold to be classified as clean.
Threat: The email that was reported to PhishER was classified as a threat. Thank you for reporting this email! All emails identified as threats will be reviewed by the security team and escalated for action to further protect Edifecs.
Reminder: If at any point, you clicked a link, opened or downloaded an attachment, immediately report this to IT.Ticket@edifecs.com and copy security@edifecs.com. Please include the original email or text as an attachment along with any details you provided and if you were on your Edifecs laptop, workstation, or personal mobile device (including phones).
Unknown: The email that was reported to PhishER was classified as unknown. An email with the classification of unknown does not meet the specified confidence level to accurately classify the email as clean, spam, or a threat. All unknown classifications will be evaluated by a security team member for manual classification. In cases of unknown emails, the security team will work to handle them as expeditiously as possible.
Spam: The email that was reported to PhishER was classified as spam. A spam classification indicates that the scanning performed by PhishER revealed that the content in the email was not malicious but meets the specified threshold to be classified as spam. Spam can be any unsolicited or unwanted junk mail. Note: For emails that you can easily identify as spam, use the “Mark as Spam” button (Outlook for Windows users only) to report spam and not the PAB. The PAB is for suspected phishing emails only. Please find details on handling spam toward the end of this guide.
I do not see the PAB in my email client.
The PAB button was first rolled out to all of Edifecs on December 22, 2021. If you aren’t seeing the PAB in your Outlook tray, please log out or quit Outlook. Once you re-open Outlook, you should see the PAB. If you are still not seeing the PAB button, please reach out to the security and compliance team via email: security@edifecs.com.
2-Forwarding to Phishing@edifecs.com
If you still aren’t seeing the PAB in your Outlook tray or you use a different email client, you can alternatively report a suspicious email or phishing scam by forwarding the phishing email as an attachment to phishing@edifecs.com using one of the following methods:
Outlook Desktop
- Select the suspicious email in Outlook.
- Press Control-Alt-F to open a draft email message with the suspicious email as an attachment.
- Add phishing@edifecs.com in the To: field of the draft email message.
- Send the email.
Outlook Online
- Select New to compose a new message.
- In the upper right-hand corner of the new message, click the icon to compose the message in its own window.
- Drag the suspicious email into the body of the new message to add it as an attachment.
- Add phishing@edifecs.com in the To: field of the draft email message.
- Send the email.
Apple Mail
- Select the suspicious email in Mail.
- Select Message, then Forward as Attachment from the menu bar (or right-click and select Forward as Attachment).
- Add phishing@edifecs.com in the To: field of the draft email message.
- Send the email.
Why must you forward the suspicious email as an attachment?
When you forward the message as a regular email, details in the header (full header) are not included. Simple headers (To/From) can easily be forged to trick you into taking action. Full headers provide information about the path the message traveled to get to your Inbox and are necessary to assist in diagnosing, containing, and possibly preventing more phishing attempts.
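To illustrate the difference, the following added example (not part of the original Edifecs procedure) builds one report as an attachment and one as an inline forward, then shows what an analyst can recover from each. The sample messages, hostnames, and the helper names `forward_as_attachment` and `triage` are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample: the suspicious email as delivered, full headers intact.
ORIGINAL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
 by inbound.example.com; Mon, 03 Jan 2022 09:15:02 +0000
Received: from mailer.example.net (unknown [198.51.100.7])
 by mx.example.org; Mon, 03 Jan 2022 09:15:00 +0000
Authentication-Results: inbound.example.com;
 spf=fail smtp.mailfrom=mailer.example.net
From: "IT Help Desk" <helpdesk@example.com>
To: user@example.com
Subject: Password expires today

Reset your password now.
"""

# Constructed sample: the same email forwarded inline (a regular forward).
INLINE_FORWARD = """\
From: user@example.com
To: phishing@edifecs.com
Subject: FW: Password expires today

-----Original Message-----
From: IT Help Desk <helpdesk@example.com>
Subject: Password expires today

Reset your password now.
"""

def forward_as_attachment(original_raw):
    """Build the report the way 'Forward as Attachment' does (message/rfc822)."""
    fwd = EmailMessage()
    fwd["From"], fwd["To"] = "user@example.com", "phishing@edifecs.com"
    fwd["Subject"] = "FW: Password expires today"
    fwd.set_content("Reporting this message.")
    fwd.add_attachment(message_from_string(original_raw, policy=policy.default))
    return fwd.as_string()

def triage(report_raw):
    """Return the routing evidence an analyst can recover from a report."""
    report = message_from_string(report_raw, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)  # the embedded original message
            hops = [" ".join(h.split()) for h in orig.get_all("Received", [])]
            return {"full_headers": True, "hops": hops[::-1],  # oldest first
                    "auth": str(orig["Authentication-Results"]),
                    "return_path": str(orig["Return-Path"])}
    return {"full_headers": False, "hops": [], "auth": None, "return_path": None}
```

The attached report exposes both relay hops, the envelope sender, and the failed SPF result, while the inline forward carries only the display name and subject that the sender chose to show.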
*If the email client you use is not currently on the above list, please contact security@edifecs.com and the Edifecs security team will update this procedure to include the steps to report emails for your email client.
SPAM
I haven't taken any action and I think the message is SPAM.
SPAM is essentially digital junk mail. SPAM messages are always unsolicited and unwanted junk email or messages. SPAM email is never ideal to receive; however, it is generally of little threat to Edifecs and mostly only a nuisance. SPAM messages generally promote or advertise products or services. If your message does not ask you to take action by clicking a link, changing your password, paying an invoice, buying gift cards or providing other information that can be used to take over your account or device, then it’s likely only SPAM.
All Edifecs workforce members who are using Outlook for Windows as their email client will have the ability to use the Barracuda SPAM button (shown below). If you already have this in your Outlook tray as shown below, simply select the message and click “Mark as Spam”. If you do not see this option in your Outlook client, please download the Outlook add-in for Windows using the instructions below in Appendix A. Please contact the Help Desk if you have any questions or issues downloading the add-in.
NOTE: If you do not see this option in your Outlook client, please email the IT Help Desk for information on installing this.