Introduction
The Hoxhunt button can be used for two use cases:
1. Reporting Hoxhunt training emails, read more: Reporting Hoxhunt Training Emails or Simulations
2. Reporting suspicious emails, that were not sent by Hoxhunt
This article will walk you through what happens when you report a suspicious email, separately for Outlook and Gmail.
Reporting suspicious emails in Outlook
Reporting suspicious emails in Gmail
Reporting suspicious emails in Outlook
When you receive a suspicious email and you think it might be either phishing or spam, report it with the Hoxhunt button. You can read more about the difference between phishing and spam here: Phishing v Spam - What is the difference?
You can report emails from:
- Your personal mailbox
- Share mailboxes. If you report an email from a shared mailbox, you need to be logged in with the shared mailbox account. Otherwise you will not be able to report the email from a shared mailbox. Read more here: FEATURE: Reporting from Shared Mailbox
- If you cannot log in with the shared mailbox account, please follow your company's guidelines for reporting phishing emails.
Step 1: Locate and click on the Hoxhunt button
Locate the Hoxhunt button in your email inbox and click on the Hoxhunt button.
You can read more about locating the Hoxhunt button in Outlook here: Locating Hoxhunt in Outlook
If you have trouble finding the Hoxhunt button check out: Troubleshooting missing Hoxhunt button
Step 2: Choose "Report as phishing" or "Report as spam"
A panel will open where you can choose if you would like to report the email as phishing or spam. We will first walk you through what happens when you report the email as phishing.
Read more about reporting as spam below at: Step 3.B: Choose "Report as spam"
Step 3.A: Report as phishing and potential additional features
What happens after you click "Report as phishing" will depend on what features your organization admin has enabled for you. The features can be enabled one by one, or all at once, depending on your organizations preference. Click the Hoxhunt button to see what is available for you!
We have outlined the options below:
Option 1: Report as phishing
When no additional settings are enabled (see below) you can simply choose to "Report as phishing". Then the email will be shared with your cybersecurity team for analysis. The faster you report phishing attacks to your security team, the safer you make it for others!
Option 2: Report as phishing and indicate if you acted on the email
When you organization has enabled the User Acted feature, you are able to indicate in your reported email if took any action on the email such as:
- I replied to the email
- I downloaded a file
- I opened an attachment
- I visited a link
- I entered my password
- I forwarded the email
If you did not take any action on the email, you can simply choose Report as Phishing and leave the "Already clicked something" empty. The faster you report phishing attacks you may have interacted with to your security team, the safer you make it for others and yourself!
The email is then shared with your cybersecurity team for analysis and in the case you report that you took action, they can prioritize following up with you to take any action appropriate.
Option 3: Request Instant Feedback
If your organization has enabled the Instant Feedback feature you can request Instant Feedback when you report the email. You can read more about Instant Feedback here: Identify malicious emails with Instant Feedback
Step 3.B: Choose "Report as spam"
If you have identified that email is spam, you can also report is as spam by selecting "Report as spam". When you do so:
1. The email will be moved to the Junk folder
2. The individual sender will be blocked from sending you more emails
Unblocking a blocked sender in Outlook
If you block a safe sender, you can unblock the address through your junk email settings.
If you no longer want to block a sender, you can unblock them as outlined here:
Block senders or unblock senders in Outlook on the web
Reporting suspicious emails in Gmail
When you receive a suspicious email and you think it might be either phishing or spam, report it with the Hoxhunt button. You can read more about the difference between phishing and spam here: Phishing v Spam - What is the difference?
You can report emails from your personal mailbox.
Please note that Gmail does not allow you to report suspicious emails in shared or delegate inboxes with the Hoxhunt button.
Step 1: Locate and click on the Hoxhunt button
Locate the Hoxhunt button in your email inbox and click on the Hoxhunt button.
You can read more about locating the Hoxhunt button in Gmail here: Locating Hoxhunt in Gmail
If you have trouble finding the Hoxhunt button check out: Troubleshooting missing Hoxhunt button
What happens next will depend on which Hoxhunt button your organization has enabled for you. Hoxhunt has three button options in use:
1. Hoxhunt Private Gmail Add-on: Used by the majority of our customers who have started with Hoxhunt before 2022
2. Hoxhunt Workspace Add-on: Being rolled out to all customers during 2022 and will become the most commonly used add-on
Step 2.A: Report as phishing (Private Gmail Add-on)
Option 1: Report as phishing
When your organization has enabled the Hoxhunt Private Gmail Add-on, you can choose to Report the email. Then the email will be shared with your cybersecurity team for analysis. The faster you report phishing attacks to your security team, the safer you make it for others!
Option 2: Report as phishing and indicate if you acted on the email
When you organization has enabled the User Acted feature, you are able to indicate in your reported email if took any action on the email after you choose Repot such as:
- I replied to the email
- I downloaded a file
- I opened an attachment
- I visited a link
- I entered my password
- I forwarded the email
Then simply choose Ok to report the email and how you interacted with it.
If you did not take any action on the email, you can simply choose Report and leave the "Already clicked something" empty. The faster you report phishing attacks you may have interacted with to your security team, the safer you make it for others and yourself!
Option 3: Report as spam
This option is not available for the Hoxhunt Private Gmail Add-on.
Step 2.B: Choose "Report as phishing" or "Report as spam" (Hoxhunt Workspace Add-on)
What happens after you click "Report as phishing" will depend on what features your organization admin has enabled for you. The features can be enabled one by one, or all at once, depending on your organizations preference. Click the Hoxhunt button to see what is available for you!
We have outlined the options below:
Option 1: Report as phishing
When no additional settings are enabled (see below) you can simply choose to "Report as phishing". Then the email will be shared with your cybersecurity team for analysis. The faster you report phishing attacks to your security team, the safer you make it for others!
Option 2: Report as phishing and indicate if you acted on the email
When you organization has enabled the User Acted feature, you are able to indicate in your reported email if took any action on the email after you choose Report such as:
- I replied to the email
- I downloaded a file
- I opened an attachment
- I visited a link
- I entered my password
- I forwarded the email
Then simply choose Report as phishing to report the email and how you interacted with it.
If you did not take any action on the email, you can simply choose Report as phishing and leave the "Already clicked something" empty. The faster you report phishing attacks you may have interacted with to your security team, the safer you make it for others and yourself!
Option 3: Request Instant Feedback
If your organization has enabled the Instant Feedback feature you can request Instant Feedback when you report the email. You can read more about Instant Feedback here: Identify malicious emails with Instant Feedback
Step 3: Choose "Report as spam"
If you have identified that email is spam, you can also report is as spam by selecting "Report as spam". When you do so the email will be moved to the Spam folder.
Questions?
If you have any questions about reporting suspicious emails, please don't hesitate to reach out to our support team at support@hoxhunt.com