To make it easier to report phishing and spam, OIT provides the Phish Alert button to faculty, staff, and students. Once deployed, a phish hook icon appears in your Gmail Inbox or Gmail mobile view. If you receive a suspicious email, simply click the Phishing Alert button icon to immediately notify OIT.
What is the Phish Alert Button?
How do I use the Phish Alert Button?
When should I use the Phish Alert Button?
Why should I use the Phish Alert Button?
What about using Gmail's warnings and its Report Phishing tool?
Will there still be a Phish Bowl? If so, when should we contact it?
Why can't I use the Phish Alert Button for suspicious emails located in the Spam or Trash folders?
What is the Phish Alert Button?
The Phish Alert button is visible in the right-hand side panel of your Gmail Inbox, and is visible when using any web browser (Chrome, Firefox, Edge, Safari, etc.) If you do not see the side panel, roll over the left-hand arrow in the bottom right of your screen, then click on the arrow to display the side panel.
Once opened, the side panel will display buttons for easy access to apps such as your Calendar, Notes, Tasks, Contacts, Zoom, and the Phish Alert hook icon (circled in green in this example).
For email viewed on your mobile device, it is displayed at the bottom right of an opened email.
How do I use the Phish Alert Button?
If you have opened an email that is suspicious, you can report it by following these steps:
- Click on the Phish Alert button, which appears as a fish hook icon.
- Select the kind of email you are reporting, selecting either Phish/Suspicious or Spam. You can provide additional contextual details in the provided field.
- Click on the Phish Alert button to submit your report.
- A message will display to confirm you have successfully reported an email, which will be moved to your Trash folder. (Even though spam reported via the Phish Alert button is ultimately moved to your Trash folder, it is still submitted to Google's spam classification, helping to fuel Gmail’s spam filters.)
- Once the confirmation message appears, click the back arrow to return to your Inbox.
- Note: If you're viewing an email in split pane mode, the back arrow is not available. You can change your Gmail inbox settings to make the back arrow visible. You can also click Inbox or your browser's back arrow to go back to your inbox.
When should I use the Phish Alert Button?
The Phish Alert Button is used to report emails you believe are malicious or spam. When using the Phish Alert Button, you'll have the opportunity to specify the category of the email you're reporting as well as enter contextual details.
PHISHING | SPAM |
Sent by cybercriminals to entice you to click on a link or to give up personal or sensitive information | Typically sent from companies trying to sell you a product or service |
Has a sense of urgency (“do this now!”) | Unsolicited or unwanted “junk” email |
Asks you for sensitive information, such as usernames, passwords, or credit card details | Emails sent to advertise a product |
Can be more personalized or targeted to you or your organization | Emails such as forwarded chain letters, coupons, donation requests, and unwanted newsletters |
Why should I use the Phish Alert Button?
Reporting emails will help both you and your organization stay safer. By reporting an email, the threatening email is removed from your inbox and your organization is made aware of possible vulnerabilities. Once your organization is aware of these possible vulnerabilities, they can better defend against them. You are an important part of the process of keeping your organization safe from cybercriminals.
What about using Gmail's warnings and its Report Phishing tool?
Gmail does a good job of filtering spam and warning of suspicious messages, such as using the Gmail Anti-Spoofing Warning Banner. You can continue to report via these banners when they appear, but we encourage you to adopt usage of the Phish Alert Button into your “security toolkit”. Reporting via the Phish Alert Button ensures OIT personnel are immediately alerted to the suspicious message.
Will there still be a Phish Bowl? If so, when should we contact it?
The Phish Bowl won’t go away. We will continue to update it but you will no longer need to forward suspicious email to it. However, if you have a question about an email, such as whether or not it might be legitimate, or if you have become a victim of a phishing attempt, continue to contact us at phishbowl@brown.edu.
Why can't I use the Phish Alert Button for suspicious emails located in the Spam or Trash folders?
Only messages in your Inbox can be reported via the Phish Alert Button. Emails that land in your Spam folder have been automatically filtered out by our security systems as either malicious or junk mail. If you believe an email in your Trash folder should be reported through the Phish Alert Button for further investigation, you'll need to first move it back to your Inbox.