Report phishing extension for Wizer

This article describes how the extension works

After you deploy the extension for you or your users via the instructions below,It will appear in the sidebar, depending on which email client you use:

Google Workspace

Office 365

After the extension is deployed, you or your users that had it deployed will be able to report suspicious emails using the app.

The below screenshot features how the reporting process works:
image-png-Jan-24-2024-01-59-15-0739-PM

Once you chose a suspicious email that you would like to report, press on the extension button so the following will appear:
image-png-Jan-24-2024-02-02-47-9157-PM

Clicking on "Report Phishing" will result in the following dialogue window:
image-png-Jan-24-2024-02-04-56-3256-PM

Note that the verbiage above indicates that the message reported was a "Phishing Simulation" email that was sent by Wizer (further referenced as Wizer email)

When your users report an email that was not sent by Wizer (further referenced as a non-Wizer email), the verbiage will differ:
image-png-Jan-24-2024-02-08-47-7827-PM

The extension works in GW in the same manner.
Choose a suspicious email to report:
image-png-Feb-28-2024-02-09-21-4864-PM

Press on the extension button:
image-png-Feb-28-2024-02-19-05-3232-PM

The below message is presented when a Wizer email is reported:
image-png-Feb-28-2024-02-20-24-2981-PM

If a non-Wizer email is reported, you will see the following message:
image-png-Feb-28-2024-02-22-57-6583-PM

Side notes and answers to frequently asked questions about the extension

1. Only Wizer (phishing simulation) emails will increment the 'reported' stats in the simulation analytics.

The reported Wizer emails will not be forwarded to the email that is set in the Report to Email field in the admin console.

2. Non-Wizer emails that are reported by your users will be forwarded to the email that is set in the Report to Email field in the admin console from the address of the user who reports it:

As an admin or owner of the address inserted into the above field, you will receive the report as attached as shown below:

3. Only existing users (who can be found in the user list in the admin panel) can use the extension to report suspicious emails.
Otherwise:
- the reported message will NOT be sent to admin if a non-existing user reports a non-Wizer email via extension.
-the extension will not react to clicks if a non-existing user attempts to report any email.

4. The extension is available for BOTH Web and Desktop/App versions of Outlook

*Note that it might take up to 6 hours for the extension to appear in Outlook after the deployment is finished. (Usually happens faster)

5. In Google Workspace the extension is available for admin installation only. (Non-admin users will not be able to install it)

6. The Admin will receive a forwarded email with the reporter email, the reported email subject, and the email reported as malicious as an attachment from:
- support@activephishingdomain.com (active phishing domain will be used, so may vary when the domain is switched) if this is a Wizer email
- email of the user who reported a message if this is a non-Wizer email.

7. If the recipients click on 'How to detect a phishing email?' the below video and tips will open.

8. The reported non-Wizer emails will be moved to the deleted items folder in the user's email account.

9. The extension is NOT supported on mobile email client versions.