Installation of the CanIPhish Google Workspace Gmail Phish Report Add-on will enable your employees to report suspected phishing material to CanIPhish. Reported phishing emails are then viewable under the CanIPhish Reporting page where administrators can then view the content to understand whether the email was a "Simulated Phish", "Actual Phish" or "False Positive".
How to install the CanIPhish Phish Report Add-on
- Log in to your Google Workplace Admin account.
- Click Apps > Google Workspace Marketplace apps > Apps list > Add app to Admin Install list. Or go directly to the Google Workspace Marketplace.
- Type "caniphish-report-phish" into the search menu or go directly to the caniphish-report-phish listing.
- Click on the marketplace add-on and then select to perform an "Admin install". To do this you will need to be a Google Workspace administrator as you'll be deploying the add-on across your organisation.
- A notification will popup, simply click Continue and you'll be presented with the authorisation screen. As part of the add-on installation, CanIPhish will be given limited permissions to run as a gmail add-on, read emails that are actively opened and connect to our external API. The reasons we need these privileges are outlined in the Appendix below.
- Select "Everyone at your organisation" or additionally just select the subset you which to deploy the app to, select that you agree to the Google terms of service and click Finish.
- The add-on has now been deployed!
- To complete the setup, if you haven't already. Go to your CanIPhish account under Platform Management.
- Click the "Employee Phish Reporting" drop-down and click the toggle-box to enable phish reporting functionality.
You've completed the setup to enable employee phish reporting. You can now view employee phish reports on the Reporting page under the Employee Reported Phishing tab.
How to use the CanIPhish Phish Report Add-on
Once the CanIPhish Gmail Add-on is installed, it'll appear on the right-hand side of the Gmail webpage.
To use the add-on, employees simply need to open an email, click the CanIPhish Report Phish Add-on and click the "Report Phish" button. This will send a request to CanIPhish and we'll populate your account with the relevant data within 60 seconds.
Appendix A - Permissions needed
Provides the CanIPhish Report Phish add-on to execute within employee mailboxes..
Provides the CanIPhish Report Phish add-on with the ability to read the contents of an open email.
Provides the CanIPhish Report Phish add-on with the ability to read the user profile of the employee using the add-on.
Provides the CanIPhish Report Phish add-on with the ability to connect to the CanIPhish API for the transfer of information from Google to the CanIPhish platform.