Email client add-ins for user feedback

The Coro email client add-ins enable protected users to provide feedback on potentially malicious emails or flag emails identified as threats by Coro as safe. Feedback submitted through the add-in is shared with IT personnel to support further action.

The Coro add-ins are compatible with web interfaces and native applications for:

  • Gmail
  • Microsoft Outlook 365
Important

To use the Coro Gmail or Microsoft Outlook 365 add-in, you must have:

  • An active subscription to the Coro Email Security module
  • One or more connected cloud applications
  • Protected users

Installing and removing the Coro add-in for Microsoft Outlook 365

For more information, see Installing and using the Microsoft Outlook 365 add-in.

Installing and removing the Coro add-in for Gmail

For more information, see Installing and removing the Gmail add-in.

Using the Coro add-in for Microsoft Outlook 365

After installation, use the add-in to report suspicious emails or contest emails flagged by Coro.

note

The add-in's user interface varies depending on whether you are using it in a web browser, a desktop application, or a mobile application.

Reporting emails as phishing

To report an email as phishing:

  1. Select the email.
  2. Select Coro from the toolbar.

    Windows:

    Coro button Windows

    macOS:

    Coro button macOS

    Microsoft Outlook 365 opens a side panel.

  3. Select REPORT PHISHING :

    Coro Add-in

    Microsoft Outlook 365 displays a Marked as phishing notification above the email:

    Phishing

    Coro moves the email to your default email quarantine folder and processes the user report.

Reporting emails as safe

To report an email as safe:

  1. Select the email from your default email quarantine folder .
  2. Select Coro from the toolbar:

    Coro

    Microsoft Outlook 365 opens a side panel.

  3. Select Mark As Safe :

    Report phishing or mark as safe

    Microsoft Outlook 365 displays a Marked As safe notification above the email:

    Safe

    Coro moves the email from your default email quarantine folder back to your inbox and processes the user report.

Using the Coro add-in for Gmail

After installation, use the add-in to report suspicious emails or contest emails flagged by Coro as malicious.

note

The look and feel of the interface depends on whether you are using the add-in in a web interface or a mobile application.

Reporting emails as phishing

To report an email as phishing:

  1. Select the email.
  2. Select Coro for Gmail from the sidebar:

    Coro for Gmail

    Gmail opens a side panel.

  3. Select Report Phishing :

    Coro Add-in

    Coro displays a confirmation dialog and labels the email according to your default email quarantine folder:

    Phishing

    Important

    If your default email quarantine folder is set to Dedicated 'Suspected' folder, Coro assigns the Suspected label to the email.

    If your default email quarantine folder is set to System trash folder, Coro assigns the Bin label to the email.

    Coro processes the user report.

Reporting emails as safe

To report an email as safe:

  1. Select the email that Coro has labeled according to your default email quarantine folder .
  2. Select Coro for Gmail from the sidebar:

    Coro for Gmail

    Gmail opens a side panel.

  3. Select Mark As Safe :

    Coro Add-in

    Coro displays a confirmation dialog and reapplies the Inbox label:

    Phishing

    Coro processes the user report.

How Coro processes user reports

Coro processes a user report based on whether or not a ticket was already raised against that email. In other words, Coro might have identified the email as containing malicious content and already raised a ticket in the console before the user report is received.

Equally, in some cases, Coro might receive a user report for an email that does not meet the threshold for suspicious content, and thus no ticket has been raised.

If Coro has already raised a ticket, the outcome of the user report also depends on whether that ticket has been automatically remediated and closed, or remains open for admin user review.

The following table summarizes each scenario and the action Coro takes:

Ticket raised and open Ticket closed after review No ticket raised
Reported as Safe The ticket is marked with feedback from the user report. The ticket is marked with feedback from the user report and re-opened for operator review. No action.
Reported as Phishing The ticket is marked with feedback from the user report. The ticket is marked with feedback from the user report. Coro creates a new ticket of type Reported by user. For more information, see Email Security ticket types.

In the Ticket Log, Coro marks tickets affected by a user report with phishing or safe:

User-reported phishing and safe ticket icons