In this guide, we'll discuss our recommended process of reporting phishing emails on various mobile platforms, such as Microsoft Outlook and GMail.
Whilst the majority of your people likely use a desktop device for work, we know that more people are using mobile devices to conduct work-related tasks on the go, or want to understand how to best protect themselves in their lives outside of work.
Firstly, it’s important to know that phishing reporting capabilities on mobile are often not as extensive as they are on desktop. This is down to the email provider that you use.
However, we hope that this guidance is a helpful first step in helping your teams to handle this scenario.
CybSafe setup
Before a successful report of CybSafe phishing emails can be made, you will need to set up the relevant integration first.
Please follow our guide on setting up the Report phishing integration, and the below guides will work.
MS Outlook
MS Outlook has the ability on its mobile app to report phishing.
Press the three dots on the top right hand side of the email in Outlook. This opens the action list.
Then, click “Report Junk”.
This will then open the ability to report as Junk, or report as Phishing.
This will open the following button. Press “Report”.
When the email is reported as phishing, Microsoft deletes the message.
GMail
Gmail does not have the ability on its mobile app to report phishing. This is a limitation of the app.
Option 1: Forward to an internal report phishing inbox / security team.
If your organisation has a phishing mailbox, users can forward their suspected phishing email to you, to report it.
Option 2: Report as Spam.
Users can report a suspected phishing email as Spam.
Whilst Spam is different to phishing, Google states that they take a copy of the email and run it through a lot of analysis for detecting harm, which has the effect of helping others.
When an email is marked as Spam, GMail moves it to the user’s Spam folder.
If a user comes across a suspected phishing email on the GMail mobile app, they can mark it as Spam, which moves it to the Spam folder.
Ideally, they would then report as phishing when next on desktop.
Other email providers
Do you use another email provider? Let us know and we’ll be happy to update our documentation. We are always looking to evolve our guidance.