Gmail’s built-in “Report Phishing” button sends reports only to Google’s internal Alert Center — it does not forward to a custom mailbox. To route user-reported phishing emails to CyberHoot, a Gmail add-on from the Google Workspace Marketplace is required.
CyberHoot Report Phish only accesses the single email a user has open when they choose to report it, and does not read, scan, or access any other messages in the inbox. This narrow, single-message design keeps the add-on’s Google Workspace permissions minimal while still preserving full fidelity, the original email is forwarded as a complete .eml attachment so nothing is lost between what the user saw and what your security team reviews.
Additional privacy information can be found in our privacy policy located at https://cyberhoot.com/privacy-policy/
Required add-on: CyberHoot Report Phish
| Feature | Details |
|---|---|
| One-click reporting | Users click a single button to report suspicious email |
| Forwarding method | Forwards the original email as an attachment to your configured address |
| Admin-configurable | Destination email is set once by the admin and applies to all domain users |
| Marketplace listing | workspace.google.com/marketplace |
1️⃣ Install the Add-on (Admin Only)
1. Search for CyberHoot Report Phish Add-on page in the Google Workspace Marketplace:
2. Click Admin Install
3. Select Everyone at your organization
4. Check the box to agree to the Terms of Service, Privacy Policy, and Google Workspace Marketplace Terms of Service
5. Click Finish
2️⃣ Configure the Add-on (Admin Only)
Once installed, the admin must configure the destination email from within Gmail. This is a one-time setup and the settings apply to all users in the domain.
1. Open Gmail while signed in as a Google Workspace admin
2. In the right sidebar, click the CyberHoot add-on icon to open the panel
3. The panel will display an Admin Setup section with the following fields:
| Field | What to enter |
|---|---|
| Forwarding email address | leave reportphish@cyberhoot.com to send reports directly to CyberHoot, or enter your internal security team’s mailbox if you prefer to review reports before they are forwarded |
| Add-on display name | Leave the current name CyberHoot Report Phishing |
📌 If you choose to use an internal mailbox as the forwarding address, make sure to configure that mailbox to forward a copy of all received reports to reportphish@cyberhoot.com so CyberHoot can process them. See Step 3 below.
3️⃣ Forward Reports to CyberHoot (If Using an Internal Mailbox)
Skip this step if you entered reportphish@cyberhoot.com directly in Step 2. If you are routing reports through an internal security mailbox first, follow these steps to forward a copy to CyberHoot.
Google Workspace blocks automatic external forwarding by default, so you must first enable it for the reporting mailbox.
3️⃣.1️⃣ Allow External Forwarding for the Reporting Mailbox
reportphish@cyberhoot.com4️⃣ Validate the Full Flow
.eml attachment📌 Result:
User-reported messages are automatically forwarded to CyberHoot with a single click, with no further action required from the user.
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...
Read more
For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...
Read more
The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
