What are best practices for handling phishing reports?
Intake process: make reporting easy (a dedicated address, a button in the mail client), acknowledge reports promptly, and triage by potential severity. More reports mean better detection.
Analysis: verify phishing indicators, check if others received similar messages, determine scope and targeting, and identify attack infrastructure. Document findings for response decisions.
Response: block at the gateway if not already blocked, notify affected users, report to appropriate parties (law enforcement, brand owners, industry groups), and update detection rules. Follow up to ensure blocking effectiveness.
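The analysis step above, sketched as an added example (not part of the original page): it groups reported messages that share a linked host or the same sender domain and subject, so the scope of a campaign and the hosts to block at the gateway fall out of the reports themselves. The function names, the two-reporter priority threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PREFIX_RE = re.compile(r"^((re|fw|fwd):\s*)+", re.I)  # strip reply/forward prefixes

def _host(url):
    try:
        return urlsplit(url).hostname
    except ValueError:  # malformed URL in the message, e.g. a broken IPv6 literal
        return None

def indicators(raw):
    """Return (sender domain, normalised subject, linked hosts) for one reported message."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")[2]
    subject = PREFIX_RE.sub("", str(msg.get("Subject", "")).strip()).lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    hosts = {_host(u) for u in URL_RE.findall(text)} - {None}
    return domain, subject, frozenset(hosts)

def group_reports(reports):
    """reports: (reporter, raw message) pairs. Returns campaigns, most-reported first."""
    campaigns = []
    for reporter, raw in reports:
        domain, subject, hosts = indicators(raw)
        new = {"reporters": {reporter}, "hosts": set(hosts), "lures": {(domain, subject)}}
        keep = []
        for c in campaigns:
            if c["hosts"] & new["hosts"] or c["lures"] & new["lures"]:
                for k in new:  # shared indicator: fold the existing campaign into this one
                    new[k] |= c[k]
            else:
                keep.append(c)
        campaigns = keep + [new]
    return sorted(campaigns, key=lambda c: len(c["reporters"]), reverse=True)

def priority(campaign, threshold=2):
    """Assumed rule: several independent reporters of one lure suggests a wider campaign."""
    return "high" if len(campaign["reporters"]) >= threshold else "normal"

SAMPLE = [  # constructed reports, not real mail
    ("alice", "From: IT Desk <helpdesk@mail-a.example>\nSubject: Password expires today\n\nReset at http://login.portal.example/reset?u=alice\n"),
    ("bob", "From: Support <noreply@mail-b.example>\nSubject: FW: Action required\n\nSee https://login.portal.example/reset?u=bob now\n"),
    ("carol", "From: Billing <ap@vendor.example>\nSubject: Invoice 4471\n\nInvoice: https://files.vendor.example/inv.pdf\n"),
]
```

Each campaign's `hosts` set is the candidate list for gateway blocking, and its `reporters` set is the starting point for finding other recipients and notifying affected users.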