Setting up reporting for suspicious emails

It's important your team members know what to do if they spot a suspicious email. Let’s go through some options for setting up a reporting process.

There isn’t one right way to do this — what matters most is that you choose an option that works for you and your team, and that everyone feels confident using it.

Here are a few ideas to consider.

  • An email inbox. Choose or create an email address that your team forwards suspicious emails to.
  • A channel in your communications platform. If you use a platform like Slack or Microsoft Teams, choose or create a channel where your team reports suspicious emails.
  • An integrated reporting tool in your email suite. This can be a simple solution if your email suite offers it.

Once you’ve set up your chosen reporting option, make sure everyone on your team knows what it is and how and when to use it. 

This is also an ideal time to tell your team that phishing attempts are designed to be hard to identify, so there’s no shame in not spotting one or in doing what it asks for. 

What’s important is that people feel comfortable reporting suspicious emails, even when they’ve clicked a link or shared personal information like usernames or passwords.

Combined with Security Awareness training, having a clear reporting process in place will help your team get safer and more secure.