Introduction
The Hoxhunt button can be used for two use cases:
1. Reporting Hoxhunt training emails, read more: Reporting Hoxhunt Training Emails or Simulations
2. Reporting suspicious emails, that were not sent by Hoxhunt
This article will walk you through what happens when you report a suspicious email, separately for Outlook and Gmail.
Reporting suspicious emails in Outlook
Reporting suspicious emails in Gmail
Reporting suspicious emails in Outlook
When you receive a suspicious email and you think it might be either phishing or spam, report it with the Hoxhunt button. You can read more about the difference between phishing and spam here: Phishing v Spam - What is the difference?
You can report emails from:
- Your personal mailbox
- Shared mailboxes - (read more here: FEATURE: Reporting from Shared Mailbox
Step 1: Locate and click Hoxhunt button
Locate the Hoxhunt button in your Outlook toolbar and click on the Hoxhunt button.
NOTE for Web Outlook users: After clicking Hoxhunt button, you'll be presented with a prompt "Report this email wants to display a new window". Click Allow.
To learn more about this message, check this KB article.
You can read more about locating the Hoxhunt button in Outlook here: Locating Hoxhunt in Outlook
If you have trouble finding the Hoxhunt button, check out: Troubleshooting missing Hoxhunt button
Step 2: Choose "Report as phishing" or "Report as spam"
A panel will open where you can choose if you would like to report the email as phishing or spam.
We will first walk you through what happens when you report the email as phishing. Read more about reporting as spam below at: Step 3.B: Choose "Report as spam"
Step 3.A: Report as phishing and potential additional features
What happens after you click "Report as phishing" will depend on what features your organization admin has enabled for you. The features can be enabled one by one, or all at once, depending on your organizations preference. Click the Hoxhunt button to see what is available for you!
We have outlined the options below:
Option 1: Report as phishing
When no additional settings are enabled (see below) you can simply choose Report as phishing. Then the email will be shared with your cybersecurity team for analysis. The faster you report phishing attacks to your security team, the safer you make it for others!
Option 2: Report as phishing and indicate if you acted on the email
You may see additional options where you can indicate if you reacted on the email such as:
- I replied to the email
- I downloaded a file
- I opened an attachment
- I visited a link
- I entered my password
- I forwarded the email
If you didn't react on the email, simply choose Report as Phishing and leave the "Already clicked something?" section empty.
TIP: The faster you report phishing attacks you may have interacted with to your security team, the safer you make it for others and yourself!
The email is shared with your cybersecurity team for analysis and in the case you indicate your reacted on the email, they can prioritize your case.
Option 3: Request Instant Feedback
If your organization has enabled the Instant Feedback, you can ask for instant feedback when you report a suspicious email. Read more about Instant Feedback here: Identify malicious emails with Instant Feedback
Step 3.B: Choose "Report as spam"
If you have identified that email is spam, you can report it as spam by selecting Report as spam.
When you do so:
1. The email will be moved to your Junk folder
2. The individual sender will be blocked from sending you more emails
TIP: If you reported an email as spam by accident, you may want to remove the sender address from your Blocked Senders list and/or mark the email as not spam. You can either:
a) remove the sender address from your Blocked Senders list in your junk email settings, or
b) re-report the email while it's in Junk folder and choose Report as not spam. This will move the email back to your Inbox, remove the sender address from Blocked Senders list and add the sender address to Safe Senders list.
NOTE: You may not have Report as not spam option available.
Reporting suspicious emails in Gmail
When you receive a suspicious email and you think it might be either phishing or spam, report it with the Hoxhunt button. You can read more about the difference between phishing and spam here: Phishing v Spam - What is the difference?
You can report emails from your personal mailbox.
Please note that Gmail does not allow you to report suspicious emails in shared or delegate inboxes with the Hoxhunt button.
Step 1: Locate and click Hoxhunt button
Locate the Hoxhunt button in your email inbox and click on the Hoxhunt button.
You can read more about locating the Hoxhunt button in Gmail here: Locating Hoxhunt in Gmail
If you have trouble finding the Hoxhunt button check out: Troubleshooting missing Hoxhunt button
What happens next will depend on which Hoxhunt button your organization has enabled for you.
Hoxhunt has two button options available:
1. Hoxhunt Private Gmail add-on: Used by customers who have started with Hoxhunt before 2022
2. Hoxhunt Workspace add-on: Being rolled out to all customers during 2022 and will become the de facto add-on
Step 2.A: Report as phishing (Private Gmail Add-on)
Option 1: Report as phishing
When your organization has enabled the Hoxhunt Private Gmail Add-on, you can choose to Report the email. Then the email will be shared with your cybersecurity team for analysis. The faster you report phishing attacks to your security team, the safer you make it for others!
Option 2: Report as phishing and indicate if you acted on the email
When you organization has enabled the User Acted feature, you are able to indicate in your reported email if took any action on the email after you choose Repot such as:
- I replied to the email
- I downloaded a file
- I opened an attachment
- I visited a link
- I entered my password
- I forwarded the email
Then simply choose Ok to report the email and how you interacted with it.
If you did not take any action on the email, you can simply choose Report and leave the "Already clicked something" empty. The faster you report phishing attacks you may have interacted with to your security team, the safer you make it for others and yourself!
Option 3: Report as spam
This option is not available for the Hoxhunt Private Gmail Add-on.
Step 2.B: Choose "Report as phishing" or "Report as spam" (Hoxhunt Workspace Add-on)
What happens after you click "Report as phishing" will depend on what features your organization admin has enabled for you. The features can be enabled one by one, or all at once, depending on your organization's preference. Click the Hoxhunt button to see what is available for you!
We have outlined the options below:
Option 1: Report as phishing
When no additional settings are enabled (see below) you can simply choose to Report as phishing. Then the email will be shared with your cybersecurity team for analysis. The faster you report phishing attacks to your security team, the safer you make it for others!
Option 2: Report as phishing and indicate if you acted on the email
When you organization has enabled the User Acted feature, you are able to indicate in your reported email if took any action on the email after you choose Report such as:
- I replied to the email
- I downloaded a file
- I opened an attachment
- I visited a link
- I entered my password
- I forwarded the email
Then simply choose Report as phishing to report the email and how you interacted with it.
If you did not take any action on the email, you can simply choose Report as phishing and leave the "Already clicked something" empty. The faster you report phishing attacks you may have interacted with to your security team, the safer you make it for others and yourself!
Option 3: Request Instant Feedback
If your organization has enabled the Instant Feedback feature you can request instant feedback when you report the email. Read more about Instant Feedback here: Identify malicious emails with Instant Feedback
Step 3: Choose "Report as spam"
If you have identified that email is spam, you canreport it as spam by selecting Report as spam. When you do so the email will be moved to the Spam folder.
Questions?
If you have any questions about reporting suspicious emails, please don't hesitate to reach out to our support team at support@hoxhunt.com