Your new Phish Alert Button

On Monday, May 18, King County employees received a County-approved email from do-not-reply@kingcounty.gov about the new Phish Alert Button that has been added to Outlook so you can quickly and easily report suspicious emails that may be phishing attacks.

The email also advised you that have been enrolled in “Phish Alert Button” training. If you haven’t already done so, please make sure you complete the training to help keep King County safe and defend against cyber-attacks. Most employees received the email Monday morning (see image below).

Phish alert button email

How will it work? All Outlook email users will get a new button called Report Phishing placed on the ribbon bar of their Outlook screen that they can click when confronted with a suspicious email.

If you’re working from home you’ll need to connect via VPN for the button to be installed on your computer. Here’s how to easily connect via VPN.

You’ll also get an email invitation to learn more about how the Report Phishing button works, and what type of emails to report with the new button. That email will come from the following address: “King County <do-not-reply@kingcounty.gov>” A link will be provided in the email for you to securely access the training site.

The username to access the training is your email address. Your password will be the same one you use for your email.

Here’s what the button looks like in the top ribbon:

When do I use it? Click the Report Phishing button anytime you believe the email you received is a phishing email or a potentially dangerous email. These reports will be forwarded to the KCIT security team for analysis.

The Report Phishing button should only be used to report emails you believe have malicious intent. If you receive spam or marketing emails, do not use the Report Phishing button. You can simply delete those emails. A side note: You can also add the sender or sender’s domain to the blocked list on your Outlook email.

How do I use it? When you click on the Report Phishing button, a prompt will ask you if you’re sure you want to report the email as a phishing email. If you select yes, the email will be sent to the KCIT security team, and the email will be deleted from your inbox. You’ll receive a pop-up message saying “Thank you for reporting this email to the security team. No more action is required.” If you accidently report a legitimate email as a phishing email, you can find the original item in the deleted items folder in your Outlook.

Why should I use it? King County, like other governments, constantly fights off cyberattacks. Many attackers seek usernames and passwords so they can attack private bank accounts or business government networks to install ransomware, steal data or cause outages. Reporting suspicious emails keeps King County data and files more secure. The faster our security specialists know of phishing attacks, the quicker we can defend against them. You’re an important part of the process of keeping King County safe from cybercriminals.

Should I create a helpdesk ticket? You can if you would like to, but it’s not required. Using the Report Phishing button will send the email you report straight to our security team and Microsoft.

Thank you for your cooperation. For questions, contact the KCIT Help Desk at 206-263-4357 or submit a Help Desk ticket.