The add-in works by adding a button to the Outlook ribbon UI. Users are supposed to select emails from their Outlook client, which they suspect might be part of a phishing attack, or just coming from spammers that they want banned on the company's email server.
Pressing the PhishReporter button will forward the selected emails as attachments to a specially set up email address. Here, the security and IR staff can analyze the email, and if found to be malicious in nature, they can blacklist the domain in the company's spam blocker.
The PhishReporter Outlook Add-In is the preferred way of reporting phishing emails because it automates the process of forwarding suspicious emails "as attachments," and by doing so preserving important email header information.
This operation is essential for security and IR staff because employees usually just forward the email, rewriting the original headers with their own.
The original phishing email header isn't lost since it remains in the user's client email, but IR teams usually have to contact the employee and teach him how to properly forward the email so they can analyze it. This makes security teams lose precious time, which is crucial since most phishing campaigns are most effective during their first hours.