For a few years, we have been asking the MRU community to report suspicious emails by using the PhishAlarm button or by forwarding the email to cybersecurity@mtroyal.ca. This notifies the Cybersecurity team of the possible threat and allows us to inform the reporter and their colleagues of any active attacks hitting the campus. While this service has been useful, it bypasses Google’s built-in security tools.

Google’s security tools have improved significantly and we are shifting to using this more effective, efficient system. Starting Tuesday, July 2, the MRU community will use GMail’s built-in reporting system  instead of using the PhishAlarm button.  

Every email reported to Google is reviewed by their security tools. If enough people report an email, Google will place a yellow warning banner at the top of it, letting your colleagues know it could be malicious.

Consistently reporting phishing emails to Google does more than protect your colleagues. It also improves Google’s ability to recognize malicious emails. Over time, fewer of them will arrive in your inbox.  If you delete an email, rather than reporting it, you miss out on these benefits.

If you’re not using Gmail to view your email, you can continue to forward suspicious emails to cybersecurity@mtroyal.ca. However, this bypasses Google’s security tools and leaves your inbox — and the University — more vulnerable to attack.

Make your life easier and reduce the number of phishing emails you receive by reporting suspicious emails to Google.

To report suspicious emails to Google:

1. Open the email.
2. Click the three dots in the upper right corner (the kebab).
3. Select Report phishing from the menu. A confirmation dialogue box appears.
4. Click Report Phishing Message. Google removes the email from your inbox.
5. That’s it! 

 

 

 

Here’s more information on the key advantages offered by Google’s system:

• Enhanced detection capabilities: Google’s engine is sophisticated in identifying and learning from reported phishing attempts. When employees report suspicious emails using GMail’s feature, the system continuously improves, becoming more adept at detecting malicious content.
• Automated alerts: Once an email is flagged by a sufficient number of users, Google marks it with a suspicious banner. This visual alert not only warns the individual who reported the email but also informs their colleagues, creating a proactive defense mechanism.
• Inbox management: Reporting phishing emails directly through GMail instantly removes the threat from your inbox. This feature ensures that reported emails are handled swiftly and efficiently, reducing clutter and potential risk.
• Improved monitoring and feedback: Our cybersecurity team will now have access to the emails reported through Google. This visibility allows us to monitor trends, identify false positives, and provide feedback to employees who may mistakenly report legitimate emails, fostering a continuous learning environment.
• Safe reporting: Google’s system is designed to recognize legitimate emails even if they are reported. This functionality means employees can report suspicious emails without fear of causing disruption to normal email delivery, ensuring peace of mind and encouraging proactive participation.