Goodbye PhishAlarm button, Hello reporting to Google – 06/19/2024
Updated 09/27/2024
For a few years, we have been asking the MRU community to report suspicious emails by using the PhishAlarm button or by forwarding the email to cybersecurity@mtroyal.ca. This notifies the Cybersecurity team of the possible threat and allows us to inform the reporter and their colleagues of any active attacks hitting the campus. While this service has been useful, it bypasses Google’s built-in security tools.
Google’s security tools have improved significantly and we are shifting to using this more effective, efficient system. Starting Tuesday, July 2, the MRU community will use GMail’s built-in reporting system instead of using the PhishAlarm button.
Every email reported to Google is reviewed by their security tools. If enough people report an email, Google will place a yellow warning banner at the top of it, letting your colleagues know it could be malicious.
Consistently reporting phishing emails to Google does more than protect your colleagues. It also improves Google’s ability to recognize malicious emails. Over time, fewer of them will arrive in your inbox. If you delete an email, rather than reporting it, you miss out on these benefits.
If you’re not using Gmail to view your email, you can continue to forward suspicious emails to cybersecurity@mtroyal.ca. However, this bypasses Google’s security tools and leaves your inbox — and the University — more vulnerable to attack.
Make your life easier and reduce the number of phishing emails you receive by reporting suspicious emails to Google.
To report suspicious emails to Google:
- Open the email.
- Click the three dots in the upper right corner (the kebab).
- Select Report phishing from the menu. A confirmation dialogue box appears.
- Click Report Phishing Message. Google removes the email from your inbox.
- That’s it!
Join the MRU Cybersecurity Community chat and share your reports with others in real time
Reporting to Google does help you and your colleagues over time, however there is a way to alert others immediately. Forward your emails to the MRU Cybersecurity Community chat before you report them to Google. It only takes an extra 30 seconds, but it saves your colleagues hours of hassle. This new chat space is where you can communicate with others on campus about active cyber attacks as well as get real time alerts yourself. To celebrate its launch, we are giving away a camera fitted drone during Cybersecurity Awareness Month in October. Check out the web page to find out more.
Dear Kurc,
Yes you will be informed. In addition, if the email is legitimate, it will be returned to your inbox. The only difference is it might take a bit longer to get back to you (within 48 hours) as reporting volumes have gone up with this change.
One question – if the message turns out to be benign and safe to open, will I be informed? What I liked about the old system is that I received, generally quite promptly, as to whether the suspicious email was, in fact, a phishing attempt or not.