Installation and Usage Guide
With the help of the plugins for E-Mail client software provided by TUD-CERT, fraudulent and malicious E-Mails can be reported quickly and easily. This includes particularly so-called phishing e-mails, with are used by attackers to obtain critical information such as access data and personal data. E-Mails with potentially malicious attachments such as unknown executable files or malicious Office macros can also be reported using the plugin. TUD-CERT analyzes these reports and takes countermeasures if necessary.
Phishing report plugins are currently available for the following E-Mail client software:
The plugins are NOT designed to report junk mail and other spam. As a rule of thumb for differentiation, E-Mails from unknown senders with questionable urgent requests for action (e.g. “click here to unlock your account”) are worthy of reporting.
If your computer is a member of an AD domain, the plugin can be installed by a centralized software distribution system. In that case, you do not need to perform the following steps. Instead, contact your responsible administrator.
The plugin is offered on our website as a 64bit installation package in two variants:
TUD-CERT-Melde-Plugin_VERSION_user.zip
: This variant installs the Outlook plugin only for the local user, no administrator rights are required.TUD-CERT-Melde-Plugin_VERSION_system.zip
: This package installs the plugin system-wide and makes it available to all local users. Administrator privileges are required for installation. If you maintain an AD domain, this package should be used for distribution to users.Download the desired installation package and navigate to the folder it has been downloaded to in Windows Explorer.
Open the installation package with a double click, whereupon the actual installation program becomes visible:
Now close any open Outlook instance that may still be running and then double-click to start the installation program. Windows may display a security warning for executable files downloaded from the Internet. Since in this specific case there is no danger from the plugin installer, this warning can be ignored by clicking “Run “.
After clicking “Next “ the installer suggests an installation directory. The default value can usually be kept and the dialog confirmed with another click on “Next”.
After finishing the installation routine Outlook can be restarted, the plugin is then automatically activated.
To report suspicious E-Mails to TUD-CERT, select the E-Mail in question with one click and then click on the report button at the top of the window.
Answer the dialog box asking whether the E-Mail should really be forwarded to the security team. The questionable E-Mail will then be forwarded to TUD-CERT and moved to your spam directory.
If you would like to provide us with additional information about the E-Mail, you can answer the following dialog with “Yes” and enter your message in the free text field below. Otherwise, simply click on “No” here.
If the report was successful, another confirmation dialog will appear which you can close by clicking “OK “.
The plugin for Mozilla Thunderbird requires at least Thunderbird version 78.0 and is compatible with newer versions. It is available for download from the official Mozilla Thunderbird Add-On website and can thus be installed directly from within Thunderbird on Windows, macOS and Linux. The following instructions show the installation process under Windows, but the steps under other operating systems are quite similar.
Start Mozilla Thunderbird, select the E-Mail tab and click the menu icon on the right edge of the window. Then click the “Add-ons and Themes “ entry in the appearing menu:
The tab “Add-ons management “ will be shown. In the “Find more add-ons “ field search for ‘TUD-CERT’ and confirm the search request with the Enter key:
In the list of results, look for the plugin named “TUD-CERT Phishing Report “ and click the button “Add to Thunderbird “.
The next dialog requires your final confirmation to install the plugin.
Note: According to the text in the dialog box, the plugin requires “full access to your computer”. For technical reasons, a restriction of these permissions is currently not possible due to limitations in Thunderbird. The plugin sends reports in the background as e-mails, for which Thunderbird requires such overarching permissions. Mozilla describes the underlying cause on their support pages. To ensure that the permissions are not abused, our reporting plugin goes through Mozilla’s manual review process before each release. Additionally, we have published the source code under a free license.
Confirm the installation with a click on “Add “.
After that the plugin is active and can be used immediately.
Optional: Some aspects of the plugin’s behaviour can be adjusted to your needs. To do so, click the wrench icon next to “TUD-CERT Phishing Report “ in the “Add-ons management” view, which will reveal a some plugin settings. Specifically, you can choose whether a reported E-Mail should automatically be moved to the junk folder, the trash or - alternatively - be kept in the inbox. If you made changes to these settings, confirm those with a click on the “Save “ button.
To report suspicious E-Mails to TUD-CERT, view the E-Mail in question, then click the button labeled “Report” in the preview window of the E-Mail (next to the buttons “Reply “, “Reply to all “, etc.)
In the appearing dialog box, you can add an optional comment to help the TUD-CERT when analysing it later. With a final click on the button “Submit report” the selected E-Mail will be reported to the TUD-CERT, which may take a few seconds. If the message could not be sent successfully (the text “Reporting failed, please try again later” appears in the dialog box), first make sure that there is a working Internet connection and then try again. If report fails after multiple attempts, please notify us by sending an E-Mail to cert@tu-dresden.de.