Phish Reporter Service
This guide introduces the Platform’s Phish Reporter feature and how you can use it to build a more fun and engaging security awareness training program.
What is Phish Reporter?
The Phish Reporter feature is a new dimension in our simulated phishing training experience that allows learners to report malicious emails sent as part of a simulated phishing campaign, and allows Managers to identify who spotted the email and took action to report it.
With Phish Reporter, your learners are more involved in training and can start demonstrating positive security behaviours!
After a quick setup, your learners can simply forward the email to phishreport@yourdomain.com to receive credit for spotting your simulated phishing attacks.
How to Set up Phish Reporter
Your organisation may have a mailbox or contact to forward suspicious phishing emails such as phishreport@yourdomain.com.
Option 1 - Manual Forwarding: Employees will need to manually forward all suspicious emails to your mailbox, such as phishreport@yourdomain.com. Configure this mailbox to automatically forward reported phishing to report@phish.goldphish.com and the Security Awareness Platform will recognise the phishing campaign as "reported" by the learner.
Option 2 - Microsoft Report Button: If you're a Microsoft user, you can setup the built-in Microsoft Reporting Button/Feature. Employees can use the Microsoft 'Report phishing' button in their mailbox to report suspicious emails.
Visit our Microsoft Report Button article for step by step setup instructions.
Visit our Google Workspace article for step by step setup instructions.
NOTE: Once you have set up the Phish Reporter feature in your email client - we recommend you test this function with a phishing simulation campaign sent to a single user. You may experience a slight delay (max 5-10 minutes) in "reporting" an email and it being reflected in the App dashboard.
Reporting
Included in all dashboards and phishing campaign reports, you’ll notice a data point titled ‘Reported Rate’. This indicates the employees that reported the simulated phishing email they received.
Phish Reporter FAQs
What if I report a phishing email after I click it?
- Phishing emails reported after a click will still register as reported. Even if your learners failed to spot the phishing email and clicked it, they should still be encouraged and rewarded for correctly reporting it!
What if I click a phishing email after I report it?
- Clicking any suspicious email is not good security behaviour, clicking a phishing email after reporting would still register as a click.
What if I report a phishing email after a phishing campaign has ended?
- It will still register as reported. Simulated phishing emails reported after a phishing campaign is inactive will still be recorded and campaign stats will be updated.
Can I disable this functionality?
- Phish Reporter is enabled and available to everyone by default. If you do not want your organisation to utilise the Phish Reporter service, you can continue with your regular use of the Security Awareness Platform without following the above setup steps.
What do you do with emails we forward you?
- We temporarily store them for review before deleting. Emails are not opened and no data within the email is observed.
Will all phishing emails be available for reporting?
- The Platform will only recognise phishing attempts from our phishing simulator, but you can still utilise phishreport@yourdomain.com to monitor all potential threats, or forward them to report@phish.goldphish.com.
What if someone forwards an email that is not a phishing attempt?
- The email will not be recognised by the Platform reporting service and will be auto-deleted.
I've reported a simulated phishing email but it hasn't reflected on the campaign dashboard?
- The App pulls this reporting data from our server every 5 minutes, so expect a slight delay in the data being reflected on the dashboard if you're running a "Test" campaign and are expecting immediate results.
We use Google Workspace, can we report via the Gmail "Report Phishing" built-in button?
- We currently don't support Gmail's 'Report Phishing' button feature. If your organisation uses Gmail and wants to integrate the Phish Reporter tool as part of your Phishing Campaign, please encourage Learners to do email-forwarding only.
Our Support Team is happy to help if you have any questions or require additional assistance. You can contact us anytime by submitting an email to support@goldphish.com.