The Hoxhunt Google Workspace add-on allows users to report Hoxhunt training emails and real threats as well as join the Hoxhunt training in various way. The Hoxhunt Google Workspace add-on is the primary add-on for Google Workspace (G Suite) customers, and is the only add-on that will include further updates by Hoxhunt. The add-on is available to users in multiple languages via Gmail's web browser version and via mobile Gmail application on Android and iOS.
The add-on can be installed and authorised for your employees in couple of minutes. However, please note it might take up to 24 hours for the changes to go live for all users according to Google. Read more about a distributed installation of the Google Workspace add-on on this page.
Locating the add-on in Gmail
When accessing Gmail via web browser, the Hoxhunt Google Workspace add-on is available in the right-side pane in the Gmail email client.
When using Gmail application on mobile device, the add-on can be found at the bottom of the email.
Reporting suspicious emails
To report a suspicious email, users can click the add-on after having opened the email they wish to report.
When an email is being reported, Hoxhunt identifies training emails from other emails automatically. It can also identify "safe" emails based on specific feedback rules. Read more about setting up feedback rules at this page.
Reporting safe messages
When user tries to report a email from Hoxhunt that isn't a training email, or a legitimate internal email specified via feedback rules, the user is told the email is safe and is prevented from reporting it.
Reporting Hoxhunt training emails
Users can report Hoxhunt training emails by clicking Hoxhunt button and selecting "Report as phishing". The user is then guided through the reporting process.
NOTE: Hoxhunt training emails can be set to automatically move to Bin/Trash after they have been reported. This is an organization level setting that can currently be enabled only by Hoxhunt.
Reporting real suspicious emails
As with training emails, users can report real suspicious emails by clicking Hoxhunt button and selecting "Report as phishing". When reporting real emails, users can access additional features such as informing their security team that they acted on a suspicious email, and they can are optionally also able to utilise Instant Feedback.
NOTE: Reported emails can be set to automatically move to Bin/Trash folder (for phish) or Spam folder (for spam) after they have been reported. This is an organization level setting that can currently be enabled only by Hoxhunt.
Joining the Hoxhunt training
Users can join the Hoxhunt training directly through the add-on by reporting any email. Hoxhunt support multiple ways to join the training depending on organisational settings and user's current status.
Known limitations of the add-on
There is a number of restrictions imposed by Google on how developers can develop Google Workspace add-ons. Below is a list of the most important restrictions Hoxhunt have ran into during development.
Visual design limitations:
- Toggle for opting in to Instant Feedback is only available in green.
- Changing the colors of any UI buttons is not supported on iOS.
- Hoxhunt logo cannot be modified for the official add-on available through Google Marketplace.
- The add-on framework has a number of known limitations. As an example the go back and menu functionalities are the same for all Workspace add-ons.
- The add-on cannot report emails that are already tagged as spam or dangerous. We recommend organisations to instruct their users that they do not need to report emails that have already been tagged as spam by Gmail.
- Workspace add-ons are not supported for iPadOS at all.
- Automatically removing simulations and threats after reporting is not supported for iOS devices.
- Alternative runtime is not supported on iOS. Currently, the add-on is built based on App Script to enable iOS users to access the add-on.
- Reporting from shared mailboxes is not supported by Google.