GSuite Phishing Reporter

GSuite Phishing Reporter

In this article, we demonstrate the deployment of the Phishing Reporter for GSuite accounts, as well as the client side when reporting emails. Administrators of the Cyberaware Security portal can observe through the Email Campaign results the number of reported emails as well as which recipients reported the email.

  1. Navigate to Plugins:

  1. Let’s manage the Plugin Configuration by clicking on it:

  1. Enter an email address in the first box. That mailbox will be used to receive all recipient reported emails that were not part of the Cyberaware Security Email Campaigns. Essentially, it will filter out scheduled phishing campaigns intended for training/testing purposes, to distinguish emails that could potentially be real phishing attempts.

As stated, you may add multiple addresses separated by a comma.

  1. Tick the following box to prompt recipients to provide a reason for reporting an email:

  1. If you are satisfied with the configuration, click on Save changes:

  1. As we can see, the settings have been updated!

  1. Once the configuration process is done, let’s install the required reporter tool. Click on the following link to access the Google Workspace Marketplace. To install the add-on you need administrative privileges.

  1. You should get the following output:

  1. As guided by the installation process, select the option Admin install and click CONTINUE:

  1. On the Allow Data Access window select the option Everyone at your organization and then click on the box to accept the terms of service. Finally click on Finish:

  1. Click on Done on the message showing that the add-on has been installed:

  1. Let’s have a look from the Gmail (web access) side of things. In the right bar , you will find the Cyberaware Security Phishing Reporter add-on was eventually added. Click on the specified button:

  1. When we click on the Report a phishing mail button after selecting an email, we get the following option:

  1. Click on Send report to finalise. In this instance, we will report this email using the default reason called Suspicious content. As always, a recipient may select the appropriate reason for their case. When selecting the Other reason option, a user will be asked to provide a description of the issue as well.

  1. As we can see, the report has been submitted as expected!

  1. If the email reported was part of a phishing campaign, reporting such email will trigger an update on the results of said campaign, indicating that the email has been reported:

  1. On the other hand, if the email was not part of a campaign and has been reported, the email address that was added during the configuration step will receive an email containing an eml file so it can be viewed/replayed later. If the recipient has added a description during the reporting procedure, it will also be included.

Last updated