Information Technology Services

Phish Alert Button

Beginning October 27th, 2025

Spot a Phish? Report It With One Click!

We are introducing a new feature in your Gmail toolbar to help keep our community safe from email scams: the Phish Alert Button. Using it is the fastest and most effective way to report suspicious emails and protect yourself and others from cyber threats.

Remember the simple rule: Stop. Look. Think. Report.

How to Use the Phish Alert Button

Reporting a suspicious email is now a simple 3-step process.

Select the Email: In Gmail, open the suspicious message. You don't need to click any links or download anything.
Click the Button: Look for the Phish Alert Button (it may look like a fishhook or a shield icon) in your toolbar at the top of the email. Click it.
Confirm: A prompt will ask if you are sure you want to report the email. Click Yes to confirm.

That's it!

Phish Alert Button image-directions

What Happens After You Report It?

Once you confirm, two things happen automatically:

It's Sent to Security: The message is immediately and safely forwarded to our security team for investigation. This helps us block real threats before they can affect others.
It's Removed From Your Inbox: The suspicious email is deleted from your inbox, so you don't have to worry about accidentally clicking on it later.

What about training emails? Sometimes, our security team sends simulated phishing emails to help everyone practice. If you correctly report one of these safe simulations, you will receive an immediate pop-up message letting you know you spotted the test.

When Should You Use the Button?

Use the Phish Alert Button whenever an email seems "off" or suspicious. Trust your instincts. Good candidates for reporting include emails that:

Ask you to click a link or open an attachment you weren't expecting.
Create a false sense of urgency, like a threat to close your account.
Appear to be from a trusted source (like IT or HR) but ask for your password or personal information.
Contain unusual spelling and grammar mistakes.

The bottom line: If you're unsure about an email, the safest thing to do is report it. Never click links or open attachments in an email you don't fully trust.

Expand All

Phish Alert Button FAQ

Q: What exactly should I report with the Phish Alert Button?
A: Report emails you suspect are malicious — phishing and spear-phishing messages. Don’t use PAB for normal spam or promotional email; just delete spam.

Q: What happens after I click the PAB?
A: The email is forwarded to the InfoSec team for analysis and then removed from your inbox. If it’s malicious, we’ll take next steps to protect the community.

Q: Will reporting the email delete it permanently?
A: It’s removed from your inbox. Our team will investigate the forwarded message. If the message is needed for other reasons, InfoSec will advise what to do next.

Q: What if I accidentally report a legitimate email?
A: No worries — our security team will review and mark it safe. If you need it restored, contact the Helpdesk and include details of the message.

Q: Will PAB stop all phishing?
A: No single tool stops everything. PAB helps quickly get suspicious messages to InfoSec so we can analyze and block threats faster — but user caution and training remain essential.

Q: Will using PAB affect shared files or Google Drive items?
A: PAB only forwards email. It does not remove or change shared Google Drive data. If a phishing attack involvesshared files, InfoSec will advise on next steps.

Q: Who should users contact if they need help?
A: If you need help using the PAB or have questions about a reported message, contact the ITS Helpdesk.

Q: Is this training/testing content?
A: We will run awareness and training about how to use PAB. If we run phishing simulations, we’ll notify participating groups and share lessons learned. We will not use the entire campus for blind testing without coordination.

Q: Which platform are we using?
A: We’re integrating the Phish Alert Button into Gmail.

Q: How long until people start using it?
A: Adoption takes time. We’ll use email reminders, campus signage (InBrief), and short training messages to help users learn how and when to report.