Setting up a rule to automatically detect UW System Phishing Emails

Setting up a rule to automatically detect UW System Phishing Emails

  1. Open Outlook and, under the Home tab, click on the Rules button in the Move area.

  2. Click Create Rule…

  3. Click on the Advanced Options…button

  4. Scroll down to the option that says with specific words in the message header and check the box. 

  5. In the Step 2: window, click on the specific words link

  6. In the top box, type in X-Phish and then click Add. Your search list should say “X-Phish”. Click OK to close the window. 

  7. Back on the Rules Wizard screen click Next.

  8. Now you have a choice as to what to do with the message:
    • To assign it to a Phish category I select the assign it to the category category. Then, in the Step 2 window, I click on the category link to assign it to a category I renamed to Phish. Now when I receive a phishing email from UW System it flags it for me.

    • You can further add an action to forward the message to abuse@wisc.edu and then move it to the trash. 

  9. Caveats:
    • This rule will NOT flag all phishing emails and should not be used as a phishing identifying rule; it will however handle UW System-sponsored phishing emails with ease.

    • Outlook must be running for the rule to work. If you primarily use WiscMail Web (Outlook on the web) the rule will not apply unless Outlook is also running.
       
    • This is in no way supported by SHC and is just a handy guide to quickly IDing UW System phishing emails. Use at your own risk.