TIP - Reporting phishing emails and suspicious email banners is only available when Email Security is running in Active Mode. For more information, see Change protection mode of Email Security in Nebula.
If a user finds a suspicious email in their mailbox, they can report it by forwarding the email to the Phishing Mailbox or using the Report Phishing button in Outlook. Be sure to provide the Phishing Mailbox address to your users so they can use it. For more information on configuring those options, see Set up Report Phishing with Email Security in Nebula.
Reporting suspicious emails helps the adaptive AI learn and improve its ability to catch these emails in the future.
Review reported email
Once a user reports a suspicious email:
- A notification is sent to the email addresses configured in the Notifications section and includes the Incident ID and email reporter. For more information on how to receive those emails, see Set up notifications with Email Security in Nebula.
- An admin navigates to Manage > Email Security, then Email Incidents > Needs attention.
- Locate the incident and click on the Incident ID. Filter by Incident ID or Status if you need to narrow the results.
- Review the sender, subject, email content, metadata, and related links. Typos, urgent calls to action, and misspelled or spoofed email addresses are common signs of suspicious emails. For more information on the details available for each incident, see Email Security Needs Attention page in Nebula.
- Determine if the email is safe or not, then click Categorize as and select the appropriate option:
- Categorize as Phishing: The email remains quarantined and is logged as Phishing.
- Categorize as Spam: The email remains quarantined and is logged as Spam.
- Categorize as Safe: Marks the incident as safe and releases the email to the mailbox.
Suspicious email banners
In Active Protection mode, contextual banners appear on emails to inform users about potential risks. These banners are designed to warn users of suspicious content or risky senders and help end-users determine if they should forward the email. For example, the banner can alert users to possible impersonation attempts by checking the sender and address.
Return to Email Security guide.