What is phishing?

Phishing is when you receive an email, where you’re asked for  your username & password. The email looks trustworthy but actually isn’t. There are multiple ways to make an email look valid so we should be on the lookout for any emails that might not be what they seem. 

How can users report phishing in Google Workspace? 

Users in Google Workspace can report a phishing email in Gmail by clicking the three dots on the right of your mail and clicking “Report Phishing ”. If a user reports an email, a notification is triggered in the Alert Center in Google’s Admin Console. The Alert Center is a dashboard in Google Workspace where you can find all the alerts reported in your admin center. (e.g. Suspicious login attempts, Spam or Phishing reported by the user, …) 

The Google Workspace Admin Console can help the administrators

There are multiple settings a Google Workspace Administrator can use to prevent domain users from receiving Phishing messages. 

• In the admin console you can prevent spoofing of your domain, quarantine messages with similar domain or employee names. (find more information on the Google’s Support page)
• Be sure to check out the password alert extension that doesn’t allow you to reuse your corporate password for any other site. (find more information on the Google’s Support page)
• If you are in the enterprise plus SKU, you can intercept phishing emails with the investigation tool! (find more information on the Google’s Support page)

But most important is to keep an eye on your Alert Center to be able to react to possible phishing emails reported by your users! 

The value of Phishing Awareness campaigns. 

Phishing mails can come from any direction and even from your own compromised accounts. You can prepare yourself as best you can for Phishing but some will always get past your protections you have set up. Therefore, awareness is the best possible strategy to combat phishing mails. Awareness campaigns usually consist of reminding people how to report a phishing email and to make sure that they do so. Some companies even send out false phishing attempts to try and see how people respond to phishing emails!

Support articles : 

Avoid and report phishing emails

Prevent phishing attacks on your users with the Password alert extension

Advanced phishing and malware protection

Find and delete malicious emails with the Investigation tool 

A person logging in to an account he shouldn’t be logging in to can be devastating for a business. To avoid phishing, make sure you enable all the necessary security features in your digital workplace environment – as mentioned in this article. Even more important is to make sure your users are aware of what phishing is and how they can act to avoid it. This will give your administrators the necessary insights into how your organisation might be vulnerable to phishing.