Deploy Gmail Phishing Reporting Add-On

The OutThink Phishing Reporting Add-On is now available for Gmail, as part of Google Workspace. This article describes how the add-in can be deployed centrally for your organization.

In all cases, OutThink recommend deploying the add-in to a small subset of users before deploying to a larger audience. This allows the process to first be tested, and the add-on features and operational practices to be familiarised.

Step 1


Add-On Deployment

Centralized Deployment

The first step is to configure the Add-On via the OutThink Command Center. Once logged in to the Command Center, navigate to Settings in the top menu.

Ensure the appropriate organization is selected on the left hand side, then click the Integrations Tab. Ensure that the Gmail Reporting Add-On integration is Enabled, and then click Settings.

At the bottom of the screen, type the email address of where you wish legitimate suspicious phishing messages to be forwarded. This may be the email address of a dedicated SOC inbox, or that of your Information Security Team.
Click Save changes.

Once the configuration is saved for your organization, navigate to the Google Workspace Marketplace at https://workspace.google.com/marketplace and sign in as an Administrator for your Organization. If you are not an administrator, you will be unable to install the add-on centrally for multiple users.

The Add-On can be installed in your organization by selecting the Admin Install button, and confirming the alert that follows.

At the next screen:
1. Review and confirm the set of permissions required by the Add-On to function.
2. At the option to Install the app automatically for the following users, it is advisable to select Certain groups or organizational units, to facilitate a limited audience for testing before deploying to all users.
3. Confirm the Terms of Service, and click Next.

4. Confirm the set of users that you wish to deploy the add-on to, and then complete the installation.
Note: It may take some time for the add-on to appear in Gmail for the installed users.

Step 2

Testing the Add-On

As mentioned above, it is highly advisable to deploy the add-on to a test group of users first. The add-on should appear in the Gmail ribbon within the Gmail desktop application, or within the context of a loaded email on mobile.

Test reporting any random email, to ensure that the suspect email is immediately removed from your inbox, and attached to an email report sent to your SOC Team, Information Security Officer, or other address where the email can be scrutinised and further actions taken.

Next, test sending an attack simulation via the OutThink Command Centre, or via your Customer Success Manager (with our hosted service). When the simulation lands in your Gmail inbox, use the phishing reporting feature to report the email. The email should again be removed from your inbox, but this time the campaign analytics and reports will be updated to register that the simulation was successfully reported. In this case the email is not forwarded to your SOC Team.

Banner photo by Stephen Phillips

Was this helpful?

3 / 1