Phish alert button option to forward copy leaves copies of malicious emails in sent folder

douglas shatterly jr.

19 de janeiro de 2021 18:20

Since we use the option to forward PAB emails to IT admin and Microsoft  (see  360038409673) we noted that this leaves the copy of the malicious emails in users' sent folders. I would think the PAB functionality to "send a copy to X" should use the outlook send option of "save sent item to > Do not save" or something similar so ultimately there is no copy left in the users' mailbox.

I didn't see any other posts related to "sent folder" specifically so I thought I'd share.

0

• 

  Walter Nelson 27 de janeiro de 2021 17:04

  Hi Douglas,

  Thank you for posting to our community board! You are correct. For client PAB specifically, the reported email would be in the user's sent items as a forwarded message but deleted from the inbox. If it was reported incorrectly they can then retrieve it from the deleted folder or trash. Here is a link to our support article about this. That being said I did go ahead and submit a feature request on your behalf to use the outlook send option of "save sent item to > Do not save". I would like to mention we do have solutions for being able to rip any malicious emails from user's mailboxes using our PhishER platform and PhishRIP tool. Here are some articles that explain how each of those works.

  0

  Ações de comentário Permalink
• 

  Cecilia Escobar 9 de fevereiro de 2023 13:41

  Hello, the article indicates "The reported email will be in the user's Sent Items folder as a forwarded message and deleted from the user's Inbox. If the user incorrectly reported the email, they could retrieve it from their Deleted items and Trash folders" so it will be stored in the deleted folder either way? or is it removed from the inbox and if found not to be a thread it will be then moved to the deleted folder?

  Thanks

  0

  Ações de comentário Permalink
• 

  Kyle Kuba 9 de fevereiro de 2023 18:32

  Hello Cecilia,

  Thanks for reaching out! If a user PAB's a non-simulated email with the Client PAB, the email should be deleted from the users received inbox, and FWD to the correct address. The email itself will then be in the user's Sent Items folder as a forwarded message. The email will also be able to be found in the user's Deleted/Trash folders. With the ability of PhishRip, you are able to pull/delete messages from the users inbox if wanted/needed. 

  Note: Our Client MSI PAB has moved to end of life, as we have came out with our new EXE PAB. The new EXE will provide automatic updates now and has replaced the MSI. Outlook (EXE Version) Phish Alert Button Product Manual 

  0

  Ações de comentário Permalink

Por favor, entrar para comentar.