Report Phishing Button
      Back to home
      1. Knowledge Base
      2. PHISHING SIMULATION
      3. Report Phishing Button

      How to Get the Report Phishing Extension for Google Workspace

      The following article describes how to install the report Phishing addon for Google Workspace.

      When a Phishing Campaign is underway and users start receiving phishing emails, they have several choices: they can either open, inspect, and ignore the email, click a link, provide their credentials, and fall for the phishing attempt, or report the suspicious email.

      Report Phishing Extension is a special button that appears on the email message taskbar in the right top corner. This allows users to easily report suspicious emails and helps organizations assess the effectiveness of their anti-phishing training. It also provides valuable feedback on areas where additional training may be needed.

      In order to proceed with getting the extension, please navigate to the phishing menu in your admin console, and press on the "Extensions" menu: 
      image-png-Feb-28-2024-12-03-02-6563-PM

      Insert the email address to which the reported emails will be forwarded into the "Report To Email" field & press save afterward:
      image-png-Feb-28-2024-12-07-24-4792-PM
      We recommend creating a direct email (or group), for that. Example: incident-response-team@yourdomain.com, reportedemail@yourdomain.com, etc.
      Once the email is saved, you can use the manual according to the platform you are on.

      Installing the extension(the app can be installed by admins only):

      As an Admin, please navigate to the dedicated app page in Google Workspace Marketplace 

      Once there press on Admin install:



      You will be shown the following prompt:
      image-png-Feb-28-2024-12-10-15-3319-PM
      Once done, select the desired group(s) to which you would like to install the app, or select to install it for everyone and agree to the privacy policy.
      image-png-Feb-28-2024-12-14-29-8921-PM

      Moving forward, you will see the following prompt stating the Add-on was installed:
      image-png-Feb-28-2024-12-15-41-2452-PM

      Once the above steps are done, you should be all set and the extension should appear in the Gmail sidebar:
      image-png-Feb-28-2024-12-23-44-7959-PM

      The following should be shown once the extension is opened and an email is selected:

      image-png-Feb-28-2024-12-52-24-3410-PM

      In case you already had our extension installed

      As we constantly work towards improving our product, new extension versions will be released that might include new or changed functionality.
      In case a new version contains a new or changed flow, depending on what it does the app might ask for consent for the additional permissions, in this case, while opening the extension you can see the below prompt:

      By pressing on the Authorize access, a new window should open asking you to select the account with which you log in:
      image-png-Feb-28-2024-02-26-27-2851-PM
      Choosing the account should show the following prompt:
      image-png-Feb-28-2024-02-28-05-6824-PM
      By pressing on the continue you should be redirected to the consent screen to approve the app permissions.

      As a Workspace admin, you can navigate to the Google admin console Workspace marketplace installed apps section at https://admin.google.com/ac/apps/gmail/marketplace/apps
      There you should see the add-on installed:
      image-png-Feb-28-2024-12-31-40-6191-PM
      Selecting it, you should see the permissions the extension is asking and which permissions were allowed:
      image-png-Feb-28-2024-12-47-41-7948-PM

      To ensure the add-on will work as expected please make sure to grant access to all permissions the app asks

      Users Interactions with Extension

      When a Wizer user reports a Wizer simulation phishing email (clicks the phishing extension hook), the following happens:

      1. The user gets a congratulatory message "Well done! It was a simulation phishing email".

      2. The email will not be forwarded to the 'Report To' email address.

      3. The selected action will be applied to the email as it is set up in the Report Email Handling Settings.

      4. Admin will see the 'Reported' status in the phishing campaign report that the user reported this email.

      When a Wizer user reports a non-Wizer simulation phishing email (clicks the phishing extension hook), the following happens:

      1. The user gets a congratulatory message "Thank you for doing your part to keep our organization safe".

      2. The email will be forwarded to the 'Report To' email address.

      3. The selected action will be applied to the email as it is set up in the Report Email Handling Settings.

      When a non-Wizer user reports any email (clicks the phishing extension hook), the following happens:

      1. The extension will not react to clicks.

      2. The email will not be forwarded to the 'Report To' email address.

       

      Frequently Asked Questions

      Q: How can I remove the 'External' label from the simulation emails? I whitelisted everything, but it still shows in the emails. 

      A: Whitelisting removes the warning messages or banners and lets the simulation email go to spam or quarantine folders. However, you can turn external recipients' warnings off (for all emails). Instructions are in this article.