How to Get the Report Phishing Extension for Google Workspace

The following article describes how to install the report Phishing addon for Google Workspace.

When a Phishing Campaign is underway and users start receiving phishing emails, they have several choices: they can either open, inspect, and ignore the email, click a link, provide their credentials, and fall for the phishing attempt, or report the suspicious email.

Report Phishing Extension is a special button that appears on the email message taskbar in the right top corner. This allows users to easily report suspicious emails and helps organizations assess the effectiveness of their anti-phishing training. It also provides valuable feedback on areas where additional training may be needed.

In order to proceed with getting the extension, please navigate to the phishing menu in your admin console, and press on the "Extensions" menu: 
image-png-Feb-28-2024-12-03-02-6563-PM

Insert the email address to which the reported emails will be forwarded into the "Report To Email" field & press save afterward:
image-png-Feb-28-2024-12-07-24-4792-PM
We recommend creating a direct email (or group), for that. Example: incident-response-team@yourdomain.com, reportedemail@yourdomain.com, etc.
Once the email is saved, you can use the manual according to the platform you are on.

Installing the extension(the app can be installed by admins only):

As an Admin, please navigate to the dedicated app page in Google Workspace Marketplace 

Once there press on Admin install:



You will be shown the following prompt:
image-png-Feb-28-2024-12-10-15-3319-PM
Once done, select the desired group(s) to which you would like to install the app, or select to install it for everyone and agree to the privacy policy.
image-png-Feb-28-2024-12-14-29-8921-PM

Moving forward, you will see the following prompt stating the Add-on was installed:
image-png-Feb-28-2024-12-15-41-2452-PM

Once the above steps are done, you should be all set and the extension should appear in the Gmail sidebar:
image-png-Feb-28-2024-12-23-44-7959-PM

The following should be shown once the extension is opened and an email is selected:

image-png-Feb-28-2024-12-52-24-3410-PM


In case you already had our extension installed


As we constantly work towards improving our product, new extension versions will be released that might include new or changed functionality.
In case a new version contains a new or changed flow, depending on what it does the app might ask for consent for the additional permissions, in this case, while opening the extension you can see the below prompt:

By pressing on the Authorize access, a new window should open asking you to select the account with which you log in:
image-png-Feb-28-2024-02-26-27-2851-PM
Choosing the account should show the following prompt:
image-png-Feb-28-2024-02-28-05-6824-PM
By pressing on the continue you should be redirected to the consent screen to approve the app permissions.

As a Workspace admin, you can navigate to the Google admin console Workspace marketplace installed apps section at https://admin.google.com/ac/apps/gmail/marketplace/apps
There you should see the add-on installed:
image-png-Feb-28-2024-12-31-40-6191-PM
Selecting it, you should see the permissions the extension is asking and which permissions were allowed:
image-png-Feb-28-2024-12-47-41-7948-PM

To ensure the add-on will work as expected please make sure to grant access to all permissions the app asks