Email client add-ins for user feedback

Important

To use the Coro user feedback email client add-in, you must have:

  • An active subscription to the Coro Email Security module
  • One or more connected cloud applications
  • Protected users

The Coro email client add-in enables protected users to report potentially malicious emails for themselves. Users can also report emails that they believe were incorrectly flagged by Coro.

The Coro add-in is compatible with both web interfaces and native applications for:

Installing the Coro add-in for Microsoft Outlook

You can install the Microsoft Outlook Add-in directly from the Coro console.

note

The installation of the Coro add-in must be performed by a Microsoft 365 administrator.

note

The installation of the add-in is performed by a Microsoft 365 administrator for all employees simultaneously, rather than individually.

To install the Microsoft Outlook add-in:

  1. Go to the Email Security configuration page .
  2. Select the Add-ins tab:

    Add-ins

  3. Select Install for Outlook 365 :

    Add-Ins Outlook

    Coro displays the Microsoft AppSource page.

  4. Follow the on-screen instructions to install the Microsoft Outlook add-in.

Installing the Coro add-in for Gmail

You can install the Gmail add-in directly from the Coro console.

note

The installation of the Coro add-in must be performed by a Google Workspace administrator.

note

The installation of the add-in is performed by a Google Workspace administrator for all employees simultaneously, rather than individually.

To install the Gmail add-in:

  1. Go to the Email Security configuration page .
  2. Select the Add-ins tab:

    Add-ins

  3. Select Install for Gmail :

    Add-Ins Gmail

    Coro displays the Google Workspace Marketplace webpage.

  4. Select Install .

    Google displays the Get ready to install dialog:

    Install for Gmail

  5. Select CONTINUE .
  6. Review the request for the Coro Gmail add-in to access your Google Workspace account. Select Allow to proceed with the installation:

    Install for Gmail allow

    The installation starts automatically.

    After the installation completes, Google displays a message informing you that the Coro Gmail add-in installation was successful:

    Install for Gmail done

  7. Select DONE to complete the installation process.

Using the Coro add-in

After installation, the look and feel of the UI depends on whether you are using the add-in in a web interface or native application. The following functionality demonstration uses the Microsoft outlook add-in within the native Microsoft Outlook application.

If you suspect an email as phishing:

  1. Select the email.
  2. Select Coro from the toolbar:

    Add-Ins toolbar

    Coro displays the add-in panel:

    Add-Ins control panel

  3. Select the REPORT PHISHING button.

    Coro adds a Marked as phishing label to the top of the email:

    Marked as phishing

    Then, Coro moves the email to the Suspected folder:

    Moved to Suspected folder

To report an email in the Suspected folder as safe:

  1. Select the email.
  2. Select Coro from the toolbar.
  3. Select the MARK AS SAFE button.

    Coro moves the email from the Suspected folder to your inbox.

How Coro processes user reports

Coro processes a user report based on whether or not a ticket was already raised against that email. In other words, Coro might have identified the email as containing malicious content and already raised a ticket in the console before the user report is received.

Equally, in some cases, Coro might receive a user report for an email that does not meet the threshold for suspicious content, and thus no ticket has been raised.

If Coro has already raised a ticket, the outcome of the user report also depends on whether that ticket has been automatically remediated and closed, or remains open for admin user review.

The following matrix summarizes each scenario and the action Coro takes:

Ticket raised and open Ticket closed after review No ticket raised
Reported as Safe The ticket is marked with feedback from the user report. The ticket is marked with feedback from the user report and re-opened for operator review. No action.
Reported as Phishing The ticket is marked with feedback from the user report. The ticket is marked with feedback from the user report. Coro creates a new ticket of type Reported by user. For more information, see Email Security ticket types.

In the Ticket Log, Coro marks tickets affected by a user report with phishing or safe:

User-reported phishing and safe ticket icons