Setting up a rule to automatically detect UW System Phishing Emails
Setting up a rule to automatically detect UW System Phishing Emails
Because phishing your own employees is dumb...
Create a Rule in Outlook Client
-
Open Outlook and, under the Home tab, click on the Rules button in the Move area.
-
Click Create Rule…
- Click on the Advanced Options…button
-
Scroll down to the option that says with specific words in the message header and check the box.
-
Click on the specific words link
-
In the text box enter X-Phish and then click Add. Your search list should say “X-Phish” with the quotes. This is expected behavior and your screen should look like this:
-
Click OK to close the window.
-
Back on the Rules Wizard screen click Next.
Now you have a choice as to what to do with the message:
-
To assign it to a Phish category I select the assign it to the category category.
-
Then I click on the category link to assign it to a category "Phish" (renamed from something else).
-
Now when I receive a phishing email from UW System it flags it for me. I also have it flagged for follow-up in tasks.
-
You can further add an action to forward the message to abuse@wisc.edu and then move it to the trash.
Caveats:
-
This rule will NOT flag all phishing emails and should not be used as a phishing identifying rule; it will however handle UW System-sponsored phishing emails if they do not change the custom header from the current one,
X-Phish
. Making this change would be tricky on their end, however, as it would break a lot of services. Maybe. Probably. It is unknown. -
Outlook must be running for the rule to work. If you primarily use WiscMail Web (Outlook on the web) the rule will not apply unless Outlook is also running.
Source: https://support.knowbe4.com/hc/en-us/articles/360062090094-Identify-a-Phishing-Security-Test-PST