HowTo: Configure CyberHoot’s Report Phish Integration for Google Workspace

10th April 2026 | HowTo, MSP, Platform, Technology HowTo: Configure CyberHoot’s Report Phish Integration for Google Workspace

Google Workspace “Report Phish” Integration


🔹 Overview

Gmail’s built-in “Report Phishing” button sends reports only to Google’s internal Alert Center — it does not forward to a custom mailbox. To route user-reported phishing emails to CyberHoot, a Gmail add-on from the Google Workspace Marketplace is required.

CyberHoot Report Phish only accesses the single email a user has open when they choose to report it, and does not read, scan, or access any other messages in the inbox. This narrow, single-message design keeps the add-on’s Google Workspace permissions minimal while still preserving full fidelity, the original email is forwarded as a complete .eml attachment so nothing is lost between what the user saw and what your security team reviews.

Additional privacy information can be found in our privacy policy located at https://cyberhoot.com/privacy-policy/

Required add-on: CyberHoot Report Phish

FeatureDetails
One-click reportingUsers click a single button to report suspicious email
Forwarding methodForwards the original email as an attachment to your configured address
Admin-configurableDestination email is set once by the admin and applies to all domain users
Marketplace listingworkspace.google.com/marketplace

1️⃣ Install the Add-on (Admin Only)

1. Search for CyberHoot Report Phish Add-on page in the Google Workspace Marketplace:

2. Click Admin Install

3. Select Everyone at your organization

4. Check the box to agree to the Terms of Service, Privacy Policy, and Google Workspace Marketplace Terms of Service

5. Click Finish


2️⃣ Configure the Add-on (Admin Only)

Once installed, the admin must configure the destination email from within Gmail. This is a one-time setup and the settings apply to all users in the domain.

1. Open Gmail while signed in as a Google Workspace admin

2. In the right sidebar, click the CyberHoot add-on icon to open the panel

3. The panel will display an Admin Setup section with the following fields:

FieldWhat to enter
Forwarding email addressleave reportphish@cyberhoot.com to send reports directly to CyberHoot, or enter your internal security team’s mailbox if you prefer to review reports before they are forwarded
Add-on display nameLeave the current name CyberHoot Report Phishing
  1. Click Update to save. Settings are applied domain-wide immediately.

📌 If you choose to use an internal mailbox as the forwarding address, make sure to configure that mailbox to forward a copy of all received reports to reportphish@cyberhoot.com so CyberHoot can process them. See Step 3 below.


3️⃣ Forward Reports to CyberHoot (If Using an Internal Mailbox)

Skip this step if you entered reportphish@cyberhoot.com directly in Step 2. If you are routing reports through an internal security mailbox first, follow these steps to forward a copy to CyberHoot.

Google Workspace blocks automatic external forwarding by default, so you must first enable it for the reporting mailbox.

3️⃣.1️⃣ Allow External Forwarding for the Reporting Mailbox

  1. Sign in to the reporting mailbox in Gmail
  2. Go to Settings → See all settings → Forwarding and POP/IMAP
  3. Click Add a forwarding address and enter reportphish@cyberhoot.com
  4. Confirm the forwarding address when prompted by Google
  5. Select Forward a copy to retain the original in the internal mailbox
  6. Click Save Changes

4️⃣ Validate the Full Flow

  1. Send a test phishing email to a user
  2. User opens the email in Gmail and clicks the Report Phishing button in the sidebar
  3. Confirm:
    • The reported email is forwarded to the configured address
    • If using an internal mailbox, confirm it relays a copy to CyberHoot
    • The original email is preserved as an .eml attachment

📌 Result:
User-reported messages are automatically forwarded to CyberHoot with a single click, with no further action required from the user.

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more
Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more