Phish Reporter Service

What is Phish Reporter?


The Phish Reporter feature adds a new interactive layer to your phishing training program. It allows Learners to actively report suspicious emails sent during simulated phishing campaigns, helping them practice positive security habits while giving managers insight into who spotted and reported potential threats.


With Phish Reporter, your Learners become more engaged, empowered to take action, and can earn credit for identifying phishing attempts.

How to Set up the Phish Reporter?


Option 1 - Manual Forwarding:


If your organisation already has a mailbox for reporting suspicious emails (e.g., phishreport@yourdomain.com), Learners can manually forward suspected phishing emails there. Configure this mailbox to automatically forward those emails to report@phish.goldphish.com. Our platform will then mark the email as “reported” by the Learner.

Google Workspace Users: For guidance on forwarding phishing emails manually (as native integration isn’t currently supported), please see our Google Workspace guide.

Option 2 - Microsoft Report Button:


If your organisation uses Microsoft 365, you can enable the built-in Report Phishing button. Learners simply click this button to report suspicious emails directly from their inbox.

For step-by-step setup instructions, visit our Microsoft Report Button guide.

Test: After setup, we recommend running a phishing campaign with a small group of Learners to test the reporting functionality. Please allow up to 5–10 minutes for reported emails to appear in the app dashboard.

Reporting in the Platform


Within all phishing campaign dashboards and reports, you’ll see a metric called Reported Rate. This indicates the percentage of Learners who reported receiving the simulated phishing email during the campaign.

Phish Reporter FAQs


What if I report a phishing email after clicking it? 

  • It still counts! Learners should always be encouraged and rewarded for reporting phishing emails, even if they clicked first. 

What if I click a phishing email after reporting it? 

  • Clicking phishing emails is risky behaviour, so clicking after reporting will still register as a click in the system.

What if I report a phishing email after the campaign has ended? 

  • It will still be recorded as reported, and campaign stats will update accordingly.

Can I disable the Phish Reporter Feature? 

  • Phish Reporter is enabled by default for all users. If you prefer not to use it, simply don’t set up the forwarding or reporting features - your regular platform experience will continue unaffected.

What happens to the emails learners forward to you? 

  • Emails are temporarily stored for automated review, then deleted. They are not opened or analysed for content.

Will all phishing emails be available for reporting?

  • The platform recognises only simulated phishing emails sent by the phishing simulator. However, you can still forward any suspicious emails to your reporting mailbox for your own monitoring.

What if a non-phishing email is reported?

  • Non-phishing emails won’t be recognised and are automatically deleted.

I reported a phishing email, but it hasn't reflected on the campaign dashboard?

  • Reporting data updates every 5 minutes, so there may be a slight delay, especially during tests.

Can we report via the Gmail "Report Phishing" built-in button?

  • Currently, our platform does not support Gmail’s built-in “Report Phishing” button. Gmail users should forward suspicious emails manually to the reporting mailbox.

 If you have any questions or need a hand, our Support Team is ready to help. Contact us anytime via the chatbot or email us at support@goldphish.com.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles