PhishHUK is an Outlook / Microsoft 365 plug-in that enables staff / users to report suspicious emails from directly within the Outlook client itself via mobile, desktop, and browsers for further analysis. This means that you can pursue a more integrated approach in how you respond to possible phishing emails. 

 

Where a user reports possible Phishing emails, your internal network and security teams will be immediately notified and can then decide what actions should be taken. A notification will also be sent to the end user.

 

For more general information on how to install Office add-ins, please see Microsoft’s official  documentation via the following link: 

 

 

Note: The information provided in the above link is for your information only – the instructions that follow below contain all the details that you need to complete this task.

 


 
How to install / deploy Office365 PhishHuk Add-in

 

  1. Sign in to your Office 365 admin area with your work or school account.

  2. Click on Show all to expand the menu options, as below.



  3. Click on Settings



  4. Click on Integrated apps

     

  5. Click on Upload Custom apps


     
  6. Check the option Provide link to manifest file and insert the following URL into the textbox underneath:

    https://cdn1.cyberriskaware.com/crawebstatix/release/PhishHuk_Addin_Web.xml



     
  7. When you click Validate you should see “Uploading and validating”:

    .. and then “Manifest file validated”. Click Next.


  8. Please ensure that the Is this a test deployment dialogue is set to No as shown below.

    Note: We would recommend that you initially deploy using either the “Just me” or “Specific users/groups” options. In this way you can test to ensure that the deployment goes well and the PhishHuk button works as expected for a single user or smaller group before deploying to the Entire Organisation.

    Once testing is completed, you can come back to this page and select “Entire Organization”. 

    We cover this step towards the end of this document  – this would be done when configuration and testing is complete.

    In the illustration below we are deploying only to a specific group called “IT Support Group” (note this group must already exist – if not it will default to “Just Me”):

     

  9. Click Next as above.

  10. On the Accept permissions requests screen below, click Next (as below).



  11. Click Finish deployment (as below):



  12. On the Review and finish deployment screen you’ll first see Initializing deployment…



  13. ...and then Deployment in progress…

  14. ...and finally, Deployment completed.



  15. Click Done (as above)

    Important Note: It can take up to six hours for the app to appear in Outlook / Outlook Web Access (OWA) as detailed above. 

    You will now see the final screen (below):


 

When testing is complete / deploying to Entire Organisation

 

  1. As before, sign in to your Office 365 admin area with your work or school account.

  2. Click on Show all to expand the menu options, as below.

    Graphical user interface Description automatically generated with low confidence


  3. Click on Settings

    Graphical user interface, text 
Description automatically generated 


  4. Click on Integrated apps

    Graphical user interface 
Description automatically generated with medium confidence 


  5. Click on PhishHuk




  6. Click on Users, and then select Entire Organization, and finally click Update (as below).




  7. Finally, click Done.




  8. You will see that your it is now set to Entire Organization as below. Click the ‘x’ to close the dialog window:




Important Note: Again, it can take up to six hours for the app to roll out for everyone / appear in Outlook / Outlook Web Access (OWA) as detailed above. 

Your PhishHuk deployment is now complete.