Abnormal Abuse Mailbox: Save Time with AI-Driven Auto-Remediation of Employee-Reported Phishing Emails

December 17, 2020

For SOC analysts, managing an employee-reported phishing mailbox can be a double-edged sword. On one hand, legacy tools have made it easy for employees to report would-be business email compromise (BEC) and credential phishing emails. On the other hand, analysts spend a significant amount of time manually monitoring and determining if messages are safe or if they need remediating, creating a resource bottleneck.

In many cases, it can take minutes to over an hour to understand the implications behind a phishing report.

Understanding the Phishing Mailbox Workflow

A common phishing mailbox workflow goes like this:

  1. An employee reports a phishing email to the phishing mailbox.
  2. A SOC analyst investigates and decides if the email is safe or malicious.
    1. For safe emails, they inform the employee of the judgement.
    2. For malicious emails, they find the entire email campaign using tools such as Powershell.
  3. The SOC analyst removes the email campaign and alerts the employee of the malicious judgement.

All of these steps require manual intervention, as well as the use of ticketing or third-party tools to manage the mailbox workflow. However, most SOC analysts would prefer minimal involvement when it comes to monitoring their abuse mailbox. However, to get to a “set it and forget it” workflow requires automation and next-generation detection capabilities.

Automate Your Abuse Mailbox

With the Abuse Mailbox built-in to the Abnormal Security platform, we apply our AI-powered inbound protection technology to pass judgement on employee-reported phishing emails. In doing so, we automatically determine if an email—whether it’s a standalone message or a part of a coordinated campaign sent to multiple employees—is safe or malicious. Additionally, all malicious emails, including those a part of a campaign sitting in inboxes that are unreported, are auto-remediated from employee inboxes, giving analysts built-in mSOAR (email Security Orchestration, Automation and Response) capabilities.

Due to the effectiveness of Abnornal’s detection system, the result is a significant time savings for analysts, since they no longer need to spend time investigating safe phishing emails and can instead focus on real threats.

The Abnormal Security Abuse Mailbox can:

  • Pull all employee-reported emails in one place
  • Automatically provide email judgement via Abnormal’s signal detection capabilities
  • Collect the entire email attack campaign
  • Automatically remediate email campaigns that are deemed malicious
  • Automate employee notification support for safe and malicious reports
  • Integrate with existing ticketing systems such as ServiceNow, and SIEM/SOAR tools including Splunk, LogRhythm, QRadar, and Demisto, and
  • Integrate with Proofpoint TAP to show reports that have been ingested and processed by Abnormal

Abuse Mailbox is platform-independent and integrates with both Microsoft Office 365 and Google Workspace.

Experience an Improved Abuse Mailbox Today

With our improved mailbox UI, analysts can quickly view quantitative highlights of the submission breakdown between malicious, safe, and spam messages, as well as remediated campaigns and messages. The high-level summary above the campaign log allows analysts to receive a quick snapshot of Abuse Mailbox’s effectiveness. Additionally, if you’re a Proofpoint TAP customer, we have integrated into TAP to show reports that have been ingested and processed by Abnormal, giving analysts another look at how Abnormal would handle such events.

Multiple Remediation Options: Abuse Mailbox now supports a ‘Malicious (Permanently Delete)’ remediation option for analysts that want to remove entire campaigns from users’ inboxes for both Office 365 and Google Workspace.

Powerful Dashboard and Reporting Capabilities: We’ve added numerous dashboards and reporting options to improve visibility into key metrics and activity across the organization. Analysts can get a roll-up of reported phishing emails with a breakdown by judgement—malicious, safe, and spam. Additionally, Abnormal provides downloadable PDF and CSV reports with custom date ranges, especially useful for an executive audience.

You can also view remediation trends by attack types, and as well as the total number of emails, campaigns, and Proofpoint TAP-reported emails remediated by Abnormal over the selected time period.

In addition, we’ve made it easier to understand which employees in your organization report the most messages to Abuse Mailbox over a selected time period. Analysts can view the types of messages they’re reporting, as well as toggle between ‘All Reports’ or ‘Malicious Reports Only’.

Integrated Phishing Reporting Buttons: For organizations that have an existing end-user phishing report workflow, Abuse Mailbox integrates with Cofense/PhishMe and KnowBe4 buttons, as well as the native Microsoft O365 ‘Report Message’ button, giving employees the ability to report suspicious emails and notify security teams with just one click.

There's no longer a need to spend hours investigating user-report phishing attacks and remediating them. Let Abnormal do it for you.

Interested in seeing what Abnormal Security can do to improve your employee-reported mailbox? Request a demo to learn more.


Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 05 17 22 Impersonation Attack
See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses to coerce victims to pay fraudulent vendor invoices.
Read More
B 05 14 22 Best Workplace
We are over the moon to announce Abnormal has been named one of Inc. Magazine's Best Workplaces of 2022! Learn more about our commitment to our workforce.
Read More
B 05 13 22 Spring Product Release
This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.
Read More
B 05 11 22 Champion Finalist
Abnormal has been selected as a Security Customer Champion finalist in the Microsoft Security Excellence Awards! Here’s a look at why.
Read More
Blog series c cover
When we raised our Series B funding 18 months ago, I promised our customers greater value, more capabilities, and better customer support. We’ve delivered on each of those promises and as we receive an even larger investment, I’m excited about how we can continue to further deliver on each of them.
Read More
B 05 09 22 Partner Community
It’s an honor to be named one of CRN’s 2022 Women of the Channel. Here’s why I appreciate the award and what I love about being a Channel Account Manager at Abnormal.
Read More
B 05 05 22 Fast Facts
Watch this short video to learn current trends and key issues in cloud email security, including how to protect your organization against modern threats.
Read More
B 05 03 22
Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.
Read More
B 04 28 22 8 Key Differences
At Abnormal, we pride ourselves on our excellent machine learning engineering team. Here are some patterns we use to distinguish between effective and ineffective ML engineers.
Read More
B 04 26 22 Webinar Re Replacing Your SEG
Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
Read More
Blog mitigate threats cover
Learn about the most common socially-engineered attacks and why these tactics are still so successful—despite a growing awareness from employees.
Read More
B Podcast Engineering8
In episode 8 of Abnormal Engineering Stories, Kevin interviews Saminda Wijegunawardena, an engineering leader who is no stranger to fast-growing enterprise startups.
Read More