“Phishing” is a form of Internet scam that has become much more common in the past few years. A phishing attempt will usually come in the form of an email that tries to fool you into believing it’s a message from an authentic company and that it needs you to enter your personal information to validate your account. Everything about the email may appear real, but it’s actually an elaborate scam designed to steal your data.

If you click on any of the links inside the email, you can inadvertently provide hackers with access to your password. If opened, the URL may also take you to a malicious webpage that imitates the real webpage of an email service provider, such as Google or Microsoft. Once you enter your account information on that webpage, you’re automatically redirected to the vendor’s official website. But in between the phony page and the real one, the hackers can lay their hands on your credentials and leverage them to compromise your account.

Lots of people fall for phishing scams: if you’re distracted or at work, a quick glance might make you think this is a legitimate message. And because the same email can be sent to a number of recipients, hackers can hit a lot of individuals at once, and even a few clicks in thousands could net them a good return.

Of course, the conventional advice still holds. Always check the URL of the links inside an email by hovering your mouse over them, and never respond to emails asking for account credentials until you double-check their validity (call the sender/firm on a number you’re familiar with). But even if you’re following time-tested advice, some added protection doesn’t hurt.

An efficient way to identify a malicious email is setting up an extra notification to warn you when a phishing email arrives. In Outlook, you can add a phishing notification button to protect yourself from phishing-related compromise. Below is a detailed, step-by-step guide to phishing notification set up for Outlook users.

Steps to Add a Phish-Alert Button in Outlook

  1. Launch Outlook.
  2. Click the tab for Home → Junk and select Junk Email Options.
  3. Alternatively, you can right click on an email message and click Junk → Junk Email options in the menu that appears.
  4. In the dialog box for Junk Email Options, click “High: Most junk email is caught, but some regular mail may be caught as well. Check your Junk E-mail folder often.”
  5. Also, click/check the following boxes:
    1. Disable links and other functionality in phishing messages. (recommended)
    2. Warn me about suspicious domain names in e-mail addresses. (recommended)
  6. Click OK.

Once you’ve taken these steps, a phishing warning will appear when an email with phishing links arrive in your inbox.

How to Add the “Check Malicious” Utility in Outlook

Another option for receiving phishing notifications is the Check Malicious utility from Kutools for Outlook. Here’s how it works:

  1. Install Kutools for Outlook.
  2. Enable its functionality by clicking the box that says “Check Malicious” in the “Security” navigation under Kutools tab.
  3. When you receive emails that contain phishing links, a pop-up warning will appear to inform you that the message you recently received is a malicious attempt from a threat actor.
  4. Simultaneously, a “Malicious” sign is automatically added to the subject line, so the recipient can easily distinguish standard emails from malicious ones in the mailbox.

Ethical Hacking Training – Resources (InfoSec)

More Ways to Combat Outlook-Related Phishing Scams

In addition to integrating a phishing button in Outlook, you can take the following measures to deal with phishing.

  1. Search the Internet for the email subject line and include the words “fraud” or “hoax” in your search to see if others have reported this subject line.
  2. Keep an eye out for poor copy or alternate spellings of words that aren’t commonly used by native speakers in your country. This is a common red flag for an email written by a scammer.
  3. If the sender is claiming to be an official representative of a company, contact that company’s support staff via web browser or phone to see if the claim is genuine.
  4. Double-check the URL of a webpage before entering personal information or credentials to confirm that it is officially part of the digital properties of the company that has sent the email.
  5. Forward suspected messages to spam@uce.gov and to the company impersonated. Make sure to include the full email header by searching the name of your email provider with “full email header” in Google.
  6. Go to identitytheft.gov. Those affected by phishing are at serious risk of identity theft. Fortunately, there’s a lot you can do to reduce your risk.
  7. You can also send a report to reportphishing@apwg.org. This email address belongs to The Anti-Phishing Working Group, which is comprised of financial institutions, law enforcement agencies, security vendors and ISPs. Victims’ reports are used to combat phishing.

It takes a little effort to combat Outlook scams enterprise-wide, but when phishing notifications are combined with security training they give you some great defense against malicious emails. And critically, they empower the end user by allowing them to become a part of the defense, rather than part of the problem.