How to Set Up the Phish Reporter Service
The Phish Reporter feature adds a powerful, interactive layer to your phishing training programme. It empowers Learners to take action when they spot a suspicious email, helping them build positive security habits and giving managers valuable insight into who’s detecting threats and taking action.
Key Benefits of Phish Reporter
- Empowerment: Encourages Learners to take immediate action against potential threats.
- Engagement: Increases active participation in security training.
- Insight: Helps managers identify which individuals are spotting and reporting simulated threats.
- Credit: Learners can earn recognition for correctly identifying phishing attempts.
How to Set Up Phish Reporter
There are two ways to enable reporting, depending on your environment:
Option 1 - Manual Forwarding (Google Workspace & Non-Microsoft Environments):
- Create a dedicated reporting mailbox: If not already in place, create an internal company reporting mailbox (e.g., phishreport@yourdomain.com).
- Configure Auto-Forwarding: Set this mailbox to automatically forward all received emails to: report@phish.goldphish.com.
- Inform Your Learners: Ask them to manually forward suspected phishing emails to your organisation's reporting mailbox (e.g., phishreport@yourdomain.com ).
- How it works: When the forwarded email reaches our system, it is processed and marked as reported by the Learner. Managers will then see reporting activity in campaign dashboards and reports.
Note: Gmail’s built-in “Report Phishing” button cannot be integrated with our platform, so manual forwarding is required.
👉 For detailed setup steps, see the Setup Phish Reporter in Google Workspace guide.
Option 2: Microsoft 365 Report Button
If your organisation uses Microsoft 365, you can use Microsoft’s built-in Report Phishing button.
Once configured, learners simply click the Report Phishing button directly within their Outlook inbox.
👉 For setup instructions, see the Setup Phish Reporter in Microsoft Outlook 365 guide.
Post-Setup Testing and Verification
To confirm everything is configured correctly (including whitelisting and Phish Reporter), we strongly recommend running a small test.
- Run a Test Campaign
- Target just two or three users internally.
- User Action
Ask these users to:
- Confirm delivery of the email
- Open the email
- Click the embedded link
- Report the email using their Report Phishing button or by forwarding it to your reporting mailbox (depending on your setup)
- Confirm the Results
- View the campaign report to ensure all actions - delivery, click, and report - are correctly logged.
Note: Reported emails may take 5–10 minutes to appear in your dashboard.
❓ Phish Reporter FAQs
| Question | Answer |
| What if I report a phishing email after clicking it? | It still counts! Learners should be encouraged to report, even if they clicked first. |
| What if I click a phishing email after reporting it? | Reporting is positive, but clicking is still risky. The click will still register. |
| What if I report an email after the campaign has ended? | It will still be recorded, and campaign statistics will update. |
| Can I disable the Phish Reporter Feature? | It is enabled by default. If you prefer not to use it, simply don't set up the forwarding or reporting features. Your regular platform experience will continue unaffected. |
| What happens to the emails learners forward to you? | They are temporarily stored for automated review, then deleted. No person reads them. |
| Will all phishing emails be available for reporting? | The platform only recognises simulated phishing emails sent by our simulator for tracking purposes. However, you can still forward any real suspicious emails to your internal reporting mailbox for your own internal monitoring. |
| What if a non-phishing email is reported? | It won’t be recognised and will be deleted automatically. |
| I reported an email, but it hasn't updated on the dashboard. | Reporting data updates approximately every 5 -10 minutes, so a slight delay is expected, especially right after reporting. |
If you need a hand, reach out to our Support Team via email at support@goldphish.com.🚀🛠️