Setup Phish Reporter in Google Workspace

The Phish Reporter feature allows Google Workspace users to utilise a company email address, such as PhishReport@yourdomain.com, to internally monitor all emails reported by your learners and to measure reporting of phishing simulations in the Platform.


Step 1. Report Phishing Internally using Gsuite Groups

  1. If you do not already have one, create a company mailbox to receive suspected phishing reports internally, such as PhishReport@yourdomain.com
  2. Open your Google Workspace Admin Console and navigate to ‘Groups
  3. Create a new Group and title it something relevant and easy to remember, such as ‘Phishing
  4. Within this Group’s Settings, go to 'Access Setting' and check the 'External' box for 'Who can post'.

  1. Within this Group’s Settings, scroll down and select ‘Allow members outside your organisation

  1. Click 'Save'.
  2. Once enabled, add report@phish.goldphish.com as a new member

After you’ve setup your Group and added report@phish.goldphish.com, you're good to go. Learners will now be able to report our simulated phishing emails and be rewarded on the Platform for it by forwarding them to your internal mailbox, such as PhishReport@yourdomain.com.  

NOTE: Once you have set up the Phish Reporter feature in your email client - we recommend you test this function with a phishing simulation campaign sent to a single user. Be aware there may be a delay (5-10 minutes) between reporting an email and having that 'report' data reflect on the dashboard.

NOTE: We currently don't support Gmail's 'Report Phishing' button feature to report phishing simulations. If your organisation uses Gmail and wants to integrate the Phish Reporter tool as part of your Phishing Campaign, please encourage Learners to do email forwarding only.


Sample Communication for Internal Staff

To help your employees use the Phish Reporting Buttons, we've produced some sample communication that you may wish to modify and distribute.

SAMPLE COMMUNICATION BEGINS

Report an email you think is a scam

If you have received an email which you’re not quite sure about, forward it to PhishReport@yourdomain.com


Forward us as many suspicious emails as you like.

Send us emails that feel suspicious, even if you're not certain they're a scam - we can check.

Report emails even if you think they're a simulated phishing test - you'll get high fives.

Don't click on any links in a suspicious email.

Don't open any attachments in a suspicious email.

You don't need to forward us suspicious emails you find in your spam/junk folder.


By reporting suspicious emails, you will be helping to keep yourself, colleagues, and our organisation safe from cyber crime. If you have any questions about this reporting feature please reach out to your IT helpdesk. Thank you for your support.


SAMPLE COMMUNICATION ENDS

This Concludes setting up the Phish Reporter feature with Gmail.


Our Support Team is happy to help if you have any questions or require additional assistance. You can contact us anytime by submitting an email to support@goldphish.com

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us