Engage employees

Set up phishing reporting

Let employees report suspicious messages from Gmail or Outlook and review non-simulation reports in elba.

Reviewed Jul 12, 2026 · Product

Overview

The Report Phishing add-on gives employees a report action in Gmail or Outlook. Reporting is initiated by the employee and applies to the message they currently have open.

When a message is reported, elba determines whether it is part of an elba phishing simulation:

  • A reported simulation is associated with the employee's campaign result.
  • A message that is not an elba simulation is stored in the Email Reports inbox for administrators to review.

The presence of a message in Email Reports does not determine whether it is malicious. Your security team should review it according to your incident-response process.

Before you install the add-on

Confirm:

  • Whether your organization uses Google Workspace or Microsoft 365 for email
  • Who is permitted to install or approve add-ons for your tenant
  • Which employees or organizational groups should receive the add-on
  • Who will monitor the Email Reports inbox

If administrators should receive notifications for newly reported non-simulation messages, configure Slack, Microsoft Teams, or Google Chat as the relevant organization channel. Email is not used as a fallback for this administrator alert.

Use the installation link displayed in elba rather than a saved marketplace URL. This ensures that you open the listing currently associated with your workspace and email provider.

  1. Open Phishing in the elba admin portal.
  2. During activation, open the Add-on step. If phishing is already active, open Email Reports and select Configure add-on.
  3. Select the install action shown for your email provider.
  4. Review the listing, requested permissions, and publisher details.
  5. Complete your provider's approval and assignment flow for the intended users.
  6. Confirm that the report action appears for a pilot user before assigning it more broadly.

The exact approval options are controlled by your Google Workspace or Microsoft 365 tenant policies.

Data sent when an employee reports a message

When an employee chooses Report Phishing, the add-on sends information from the selected message to elba so the report can be processed. Depending on the email provider and message, this can include:

  • Subject
  • Sender and recipient information
  • Message body
  • Message identifier
  • Attachment information or content available to the add-on

Reporting is scoped to the message the employee has selected. Employees should follow your organization's data-handling policy when reporting messages that may contain sensitive information.

Employee experience

To report a message, the employee:

  1. Opens the suspicious message in Gmail or Outlook.
  2. Opens the elba Report Phishing add-on or action.
  3. Selects Report.
  4. Waits for the confirmation shown by the add-on.

Employees should avoid interacting further with a suspicious message after reporting it and follow any additional incident-response guidance from your organization.

Review reported messages

Open Phishing > Email Reports in the elba admin portal.

  • Unread contains newly reported non-simulation messages.
  • Read contains reports that an administrator has marked as reviewed.

Open a report to inspect its available details. Mark it as read after your team has triaged it according to your security process.

When configured, elba can notify administrators of a new non-simulation report through Slack, Microsoft Teams, or Google Chat. The notification is a prompt to review the report; it is not a classification of the message.

Validate the setup

Use a small pilot group before a broad rollout.

  1. Confirm that the add-on is visible in the supported mail client.
  2. Report an elba simulation and verify that the campaign result records the report.
  3. Using a benign internal test message, confirm that a non-simulation report appears under Unread.
  4. Mark the test report as read and confirm that it moves to Read.
  5. If administrator alerts are configured, confirm delivery in the selected chat channel.

Do not use a message containing real credentials, regulated data, or other sensitive content for this test.

Troubleshooting

The installation page is unavailable

Return to the Add-on or Email Reports view in elba and open the current link again. Also check whether your email administrator restricts marketplace applications or requires an approval request.

The report action does not appear

Confirm that the add-on was assigned to the affected user and that deployment has completed in the email provider. Then restart or refresh the mail client.

Administrators receive no alert

Check that Slack, Microsoft Teams, or Google Chat is connected and selected for the organization. Reported messages can still appear in Email Reports even when an administrator chat alert is not delivered.

On this page