What are best practices for handling phishing reports?
Intake process: make reporting easy (dedicated address, button in client), acknowledge reports promptly, and triage by potential severity. More reports equals better detection.
Analysis: verify **phishing** indicators, check if others received similar messages, determine scope and targeting, and identify attack infrastructure. Document findings for response decisions.
Response: block at gateway if not already, notify affected users, report to appropriate parties (law enforcement, brand owners, industry groups), and update detection rules. Follow up to ensure blocking effectiveness.
Was this answer helpful?
Thanks for your feedback!