Contact us: +45 32 67 26 26
English
Back to blog
2 min read

Use Built-In Phishing Reporting in Outlook or Gmail - Simplify, Strengthen and Secure

Anders Bryde Thornild
By: Anders Bryde Thornild Phishing Training | 11 April

The Current Reality: Chaos in Reporting

Does the following sound familiar? 

  • Teams message: “Hey, I just got an email that looks weird. Can you take a look?” 
  • Email forward: “See below — is this real?” 
  • Text message: “Just sent you a strange email, check it out.” 
  • Phone call: “Hi, I got this weird email… can you tell me if it’s legit?” 
  • Even a knock on the door: “Look at this email — is this phishing?” 

As an IT admin, you're constantly being pulled in every direction, trying to trace down potential phishing attempts through a patchwork of communication channels. Every method is different, inconsistent, and inefficient — all while the real risk is still unfolding.

And the most dangerous scenario?

When users don’t report it at all. 

The Problem: Reporting is a Mess

You’re not just fielding reports — you’re piecing together email trails, hunting down the original message, trying to determine if it’s a true phishing attempt, who else received it, and whether the organization is at risk. 

Meanwhile, there's no easy way to spot patterns or trends, no time to update threat policies, and no scalable way to respond to broader attacks. 

The Solution: Use the Tools You Already Have

Microsoft Outlook and Google Mail both include built-in phishing report buttons. These aren’t just convenience features — they’re powerful tools that integrate directly with your security stack.

(report button in outlook)

(Report button in Gmail)

Here's why using them should be self-evident: 

    ✅ Centralized Reporting: Emails go to the right people instantly — no more hunting. 

    ✅ Faster Triage: Get the metadata and original message you need to investigate properly in the environment where you can actually take action. 

    ✅ Better Visibility: See who else received the same phishing attempt. 

    ✅ Improved Response Time: Act on threats before they spread. 

    ✅ Training Insights: Identify which users report, and who needs more awareness. 

    ✅ Threat Intelligence: Spot trends and update security policies proactively. 

 

Getting Started is Easy: 

  1. Decide who should receive phishing reports and set up the routing accordingly. 
  1. Educate your users — share internal guides, run quick lunch sessions, post reminders, and use phishing simulations. 
  1. Track adoption — monitor who’s using the button, and follow up with teams that need a refresher. 

Bottom line: If you're still relying on ad-hoc reporting for phishing, you're wasting valuable time, increasing organizational risk, and missing the chance to use built-in, effective, and scalable tools already at your fingertips. 

 

Make the switch. Centralize reporting. Strengthen your defenses. 

Free phishing campaign Your first one is on us!    Book 15 minutes with Benjamin, our product owner, and we’ll create a custom campaign to give you clear insights into your security level.   We’ll run the campaign and send you a detailed report. All it takes is a quick chat and a little bit of your time.  

Back to blog
Recent articles
Phishing Training Does phishing training work? Yes! Here’s proof

Studies show that 80% of organisations report that phishing awareness training reduces the risk of falling for a phishing attack. So yeah, it does work!

Gry Myrtveit Gundersen 9 min read - By Gry Myrtveit Gundersen
Phishing Training What's Really Dangerous About Phishing?

Learn about responding to phishing emails, clicking links, and opening attachments. Find out what to do in a phishing incident and steps to protect your business.

Arooj Anwar 7 min read - By Arooj Anwar
Phishing Training Should You Phish Your Colleagues? We Think So!

Phishing is the biggest security threat that companies are facing today. That's why you should train your employees in recogninsing phishing attempts.

Sarah Hofmann 8 min read - By Sarah Hofmann