# GSuite Phishing Reporter

GSuite Phishing Reporter

In this article, we demonstrate the deployment of the Phishing Reporter for GSuite accounts, as well as the client side when reporting emails. Administrators of the Cyberaware Security portal can observe through the Email Campaign results the number of reported emails as well as which recipients reported the email.

1. Navigate to Plugins:

<figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FIUEtwqMNOexNpWDE7Z7w%2FGSuite1.png?alt=media&#x26;token=7090683a-1ac8-4f0d-8279-e9bc0ceb77af" alt=""><figcaption></figcaption></figure>

2. Let’s manage the Plugin Configuration by clicking on it:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F5oaT8FBU4ytNypzplcAI%2FGSuite2.png?alt=media&#x26;token=34c702de-429b-4e9f-a61f-42d6de872bb2" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FD7bnNC0RY7RXQwk5hXpY%2FGSuite3.png?alt=media&#x26;token=a029ea82-3176-4e3f-a9ba-22fa7be2879f" alt=""><figcaption></figcaption></figure></div>

3. Enter an email address in the first box. That mailbox will be used to receive all recipient reported emails that were not part of the Cyberaware Security Email Campaigns. Essentially, it will filter out scheduled phishing campaigns intended for training/testing purposes, to distinguish emails that could potentially be real phishing attempts.

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fc63o1z41OJiS7SFKfBax%2FGSuite4.png?alt=media&#x26;token=9a1b9c9a-98b8-4287-971e-d927d5bda8bf" alt=""><figcaption></figcaption></figure></div>

As stated, you may add multiple addresses separated by a comma.

4. Tick the following box to prompt recipients to provide a reason for reporting an email:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FeSwJYFBfgfYIIH6hWrvy%2FGSuite5.png?alt=media&#x26;token=a3855435-e224-4b88-8af7-bf5a8532c50d" alt=""><figcaption></figcaption></figure></div>

5. If you are satisfied with the configuration, click on Save changes:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fuavu2VmkMtUlSthWC60J%2FGSuite6.png?alt=media&#x26;token=9776daa1-32bf-4d35-9ddd-7aa15e52d2fa" alt=""><figcaption></figcaption></figure></div>

6. As we can see, the settings have been updated!

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F3ivKo2KFKOIGAOk4tpzP%2FGSuite7.png?alt=media&#x26;token=f63931a2-5f39-4b11-a349-b89bba848a9b" alt=""><figcaption></figcaption></figure></div>

7. Once the configuration process is done, let’s install the required reporter tool. Click on the following link to access the Google Workspace Marketplace. To install the add-on you need administrative privileges.

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fod3d4uU0bf6apfLQRjX1%2FGSuite8.png?alt=media&#x26;token=c71c285e-816e-4798-8f1e-4804ca0ce24f" alt=""><figcaption></figcaption></figure></div>

8. You should get the following output:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F2rOkvBQy4Q4ICq2e1dlX%2FGSuite9.png?alt=media&#x26;token=8d995f29-6fb9-4f2b-9114-8ef1bab8d776" alt=""><figcaption></figcaption></figure></div>

9. As guided by the installation process, select the option Admin install and click CONTINUE:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FqilwjAYaMrq1AiNJg4pv%2FGSuite10.png?alt=media&#x26;token=d1bf69d8-d19d-466e-8191-471eae07fe23" alt=""><figcaption></figcaption></figure></div>

10. On the Allow Data Access window select the option Everyone at your organization and then click on the box to accept the terms of service. Finally click on Finish:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FFCXPAjlKVIZCukgw5tLL%2FGSuite11.png?alt=media&#x26;token=3f280a27-d48a-48b0-8c74-46a80b48ba50" alt=""><figcaption></figcaption></figure></div>

11. Click on Done on the message showing that the add-on has been installed:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fzh8XrIoIQDRxzbsQjkfz%2FGSuite12.png?alt=media&#x26;token=358e6576-6c4e-47d4-a274-5d2e022eb5f9" alt=""><figcaption></figcaption></figure></div>

12. Let’s have a look from the Gmail (web access) side of things. In the right bar , you will find the Cyberaware Security Phishing Reporter add-on was eventually added. Click on the specified button:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FZGehFXDtZ4AfhUPYFhdA%2FGSuite13.png?alt=media&#x26;token=a85f604f-1234-4c18-ab66-e10dd746cee6" alt=""><figcaption></figcaption></figure></div>

13. When we click on the Report a phishing mail button after selecting an email, we get the following option:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FfcHtLh5LGhJ4xklusvAV%2FGSuite14.png?alt=media&#x26;token=87b348e7-5c74-45ca-a63c-5c57fca4078b" alt=""><figcaption></figcaption></figure></div>

14. Click on Send report to finalise. In this instance, we will report this email using the default reason called Suspicious content. As always, a recipient may select the appropriate reason for their case. When selecting the Other reason option, a user will be asked to provide a description of the issue as well.

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F2RD0jf3lT2pZ5TgT2Jaa%2FGSuite18.png?alt=media&#x26;token=c1131ef6-1b78-4503-b632-f178c66bdcfa" alt=""><figcaption></figcaption></figure></div>

15. As we can see, the report has been submitted as expected!

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FIhZBltWWc7aY3dO8aUs7%2FGSuite19.png?alt=media&#x26;token=96b42d6b-386a-4146-9cd1-cd0b14019183" alt=""><figcaption></figcaption></figure></div>

16. If the email reported was part of a phishing campaign, reporting such email will trigger an update on the results of said campaign, indicating that the email has been reported:

<div align="left"><figure><img src="https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FFHYLvzKZdQIRwIgB68Ub%2FGSuite20.png?alt=media&#x26;token=51a649ef-3cb7-4ef7-a644-e537595a9223" alt=""><figcaption></figcaption></figure></div>

17. On the other hand, if the email was not part of a campaign and has been reported, the email address that was added during the configuration step will receive an email containing an eml file so it can be viewed/replayed later. If the recipient has added a description during the reporting procedure, it will also be included.