Because phishing your own employees is dumb…

Create a Rule in Outlook Client

  • Open Outlook and, under the Home tab, click on the Rules button in the Move area.

  • Click Create Rule…

  • Click on the Advanced Options… button.

  • Scroll down to the option that says “with specific words in the message header” and check the box.

  • Click on the specific words link

  • In the text box, enter X-Phish and then click Add. Your search list should say “X-Phish” with the quotes. This is expected behavior.

  • Click OK to close the window.

  • Back on the Rules Wizard screen click Next.

Now you have a choice as to what to do with the message:

  • To assign it to a Phish category, I select the “assign it to the category category” action.

  • Then I click on the category link and assign it to the category “Phish” (renamed from something else).

  • Now, when I receive a phishing email from UW System, it flags it for me. I also have it flagged for follow-up in tasks.

  • You can further add an action to forward the message to abuse@wisc.edu and then move it to the trash.

Caveats:

  • This rule will NOT flag all phishing emails and should not be used as a phishing-identification rule; it will, however, handle UW System-sponsored phishing emails as long as they do not change the custom header from the current one, X-Phish. Making this change would be tricky on their end, however, as it would break a lot of services. Maybe. Probably. It is unknown.

  • Outlook must be running for the rule to work. If you primarily use WiscMail Web (Outlook on the web), the rule will not apply unless Outlook is also running.
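The check the rule performs can be reproduced outside Outlook, which also makes the first caveat concrete. This is an added example, not part of the original post or of any vendor tooling: the three messages are constructed, the header value `1` is a placeholder, and the substring behaviour of the “specific words in the message header” condition is an assumption.

```python
from email import message_from_string

HEADER_NAME = "X-Phish"  # the custom header named on this page

# Constructed sample messages (not real mail); the value "1" is a placeholder.
SIMULATED = (
    "From: it-help@example.org\n"
    "To: user@example.edu\n"
    "Subject: Password expiring\n"
    "X-Phish: 1\n"
    "\n"
    "Click here to keep your account.\n"
)
ORDINARY = (
    "From: colleague@example.edu\n"
    "To: user@example.edu\n"
    "Subject: Lunch?\n"
    "\n"
    "The X-Phish header came up in the meeting.\n"
)
MENTIONS_IN_SUBJECT = (
    "From: colleague@example.edu\n"
    "To: user@example.edu\n"
    "Subject: Fwd: how the X-Phish rule works\n"
    "\n"
    "See below.\n"
)

def header_block(raw):
    """Return the raw header text: everything before the first blank line."""
    return raw.replace("\r\n", "\n").split("\n\n", 1)[0]

def words_in_header(raw, words=HEADER_NAME):
    """Substring match over the header block (assumed Outlook rule behaviour)."""
    return words.lower() in header_block(raw).lower()

def has_header(raw, name=HEADER_NAME):
    """Stricter check: a header field actually named X-Phish is present."""
    return message_from_string(raw)[name] is not None

def classify(raw):
    """Label a message by which of the two checks it satisfies."""
    if has_header(raw):
        return "simulated-phish"
    if words_in_header(raw):
        return "mention-only"  # text match only, e.g. a Subject quoting the name
    return "unflagged"         # no header: any mail without it lands here
```

A message that lacks the header is never flagged, and under the assumed substring behaviour a message that merely quotes the header name in its Subject would be, so the category means "carries the X-Phish text", not "is phishing".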

Source: https://support.knowbe4.com/hc/en-us/articles/360062090094-Identify-a-Phishing-Security-Test-PST