All phishing emails must be reported to the company’s Cyber Security Updates channel in MS Team and to Microsoft Support Desk.

Report a Phishing Email in MS Teams

1. In Karbon, take a screenshot of the Phishing email you have received
2. In Microsoft Teams click on the Teams  icon
3. Select the Cyber Security Updates under the ECA Updates & Announcements Team
   
   è  The Cyber Security Updates Channel
   
   
   
   
4. Highlight the previous message and copy it
5. Click on [New conversation] then click on the Format  icon 
   
   è  The New conversation message opens
   
   
   
   
6. In the Add a subject field type: Phishing Alert
7. Click on the conversation field and paste the text
8. Replace the text with the details of the current phishing email you have received
9. Paste the screenshot of the Phishing email
10. Post the new conversation

Report the Phishing Email to Microsoft

1. Log into Office 365 from Practice Protect and go to Outlook
2. Find the Phishing Email in your inbox
   
   è  Microsoft Outlook inbox
   
   
   
   
3. Click on [Junk] > Phishing
   
   è  A confirmation message is displayed
   
   
   
   
4. Click on [Report]

Blacklist the Email Sender

If the sender of the phishing email is unknown to you, you should also "blacklist" their email address. By blacklisting the sender any further fishing emails from that sender will be blocked.

Note: please do not blacklist phishing emails coming from one of our genuine Clients' email addresses, please make sure you inform the Client their email has been hacked.

1. Copy the sender's email address from Karbon
   
   è  The phishing email in Karbon Triage
   
   
   
   
2. Open Kaspersky Small Office Security
   
   è  Kaspersky Small Office Security
   
   
   
   
3. Click on the Settings icon  on the bottom left-hand side of the screen
   
   è  Kaspersky Settings screen
   
   
   
   
4. Click on [Anti-Spam]
   
   è  Kaspersky Anti-Spam settings screen
   
   
   
   
5. Expand the Advanced Settings Menu and click on Select... next to it is from a blocked sender
   
   è  Kaspersky Blocked senders screen
   
   
   
   
6. Click on [+ Add]
   
   è  Kaspersky Add blocked senders address screen
   
   
   
7. In the email address mask type either:
   • The full email address > If you wish to block just that email (not all emails coming from that mailbox domain)
   • *@domainname > If you wish to block all emails coming from that mailbox domain
8. In Status select: Active and click on [OK]
   
   è  The email address is added to the list of blocked senders
   
   
9. Clear the email in Triage

Examples of when to use a full email address or *@domainname

Example 1 - Using the full email address

You have received a suspicious email with a strange attachment from one of our regular clients. Upon checking the sender's email address in Karbon you notice the email does come from the client's usual domain name, but it's not one of the regular client's email addresses. You contact the client and let them know about the suspicious email you have received. After investigating, the client confirms they were hacked and a new email address was created by the hacker for phishing purposes. In this case, you would only block the specific email address.

Example 2 - Using the *@domainname

You receive a phishing email from an overseas company. Even though other email addresses from the same business may be genuine, you know it would be highly unlikely Evolution Cloud Accounting would have any dealings with this company. In this case, you would block the entire mailbox domain by typing *@domainname