skip to Main Content
Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN)

5 Steps to Resolve Email Phishing for G Suite Admins

If you are using G Suite and Gmail as your main information exchange tools, we believe that your business also understands the benefits and importance that this solution brings regarding security issues. This article will help you – as a G Suite administrator – Resolve phishing emails in case they are sent to employee mailboxes in the business.

Google's email filter system usually protects users from emails with unusual content, or emails with signs of fraud. For example: If an email containing an infected attachment is sent to our email address, there is a high chance that it will be intercepted by Gmail's mail filtering classes. This way, the system will identify the emails with the highest spam risk and put them in the spam folder.

However, in a few exceptional cases, a phishing message will be able to slip through these message filtering layers. Or, to be more precise, the system will still transfer that message to the user's account and then determine that this email contains the risk of information fraud. Once identified, Gmail will remove this message from the user account and send a notification to the Gmail admin.

If you're a G Suite admin, here are a few things you need to do to double-check and secure your account once you've discovered phishing emails in your business.

1/ Check the sender's details

Please check the alert email for the G Suite admin to make sure it was sent and signed by Google
Please check the alert email for the G Suite admin to make sure it was sent and signed by Google

When you open the email, click the small arrow below the sender's display name. Here, you will easily find detailed information related to the sender. For example: Send from any address, send to whom, email response will be sent to, time, subject, security.... 

A message is considered secure, authenticated if you look at the details and see that it was sent by (emailed by) and signed by (signed by) the correct domain name of the sender. Example: If the email was sent from, you'll see the emailed by and signed by sections are both named "". On the contrary, if you see a question mark next to the sender's name, you should be careful.

Normally, in an email that Google's system sends to admins to notify them of an phishing attempt, you'll see a button that calls to go to the alert center – “Go to Alert Center". You can click here to access more detailed information, or do not directly click on the link but access the Alert Center according to the instructions below.

2/ Access to the alert center – G Suite Alert Center

First, you need to log in to the G Suite admin page by going to: Here, you can log in with your admin account.

To view security alerts in the Alert Center, you can access it here in at least two ways.

  • Method 1: Click on the three dashes icon in the upper left corner of the Admin console. Move your mouse over the Security section to see the options displayed, then click on the Alert Center section.
Alert Center - G Suite Alert Center
Alert Center – G Suite Alert Center
  • Way 2: After logging into the Admin console, you can go directly to the address to be directed to the Alert Center page.

3/ Check details of phishing email

The Alert Center will display the email addresses to which phishing messages are sent. The system also displays the sender's email address, as well as the time (date, time) sent.

Phishing email details
Phishing email details

4/ Check your login account again

If a user has opened the email and clicked on the link attached to the phishing email, they may have exposed the information to the hacker or the system that created this information scam.

To ensure that the account and login information are protected, check the email the user used to log in after receiving the phishing email. Go to G Suite Admin console > go to Report (Report) > find section Audit and choose Login.

5 steps to solve Email Phishing for Admin G Suite 1

Please enter the email address you just received the phishing message in the information field Username. Then enter the time – date and time – that they received the phishing email in the “” field.Date and Time Range". Then click Search to display a list of logged events.

5 steps to solve Email Phishing for Admin G Suite 2

If you detect logins from unusual IP addresses, you'll probably want to change that user's password again. To be on the safer side, search in the . section Report | Audit | Admin to find changes related to the administration or other activities of this account, from the time of receiving the phishing email.

5/ Notice to the recipient

In some cases, the admin will have to choose to notify users who have received phishing emails. You can share screenshots of the information in the Alert Center related to phishing emails so that they are aware of the situation (and aware of the potential risks, and more alert next time). 

If you've changed a user's password, you should also notify them of the password change request for the next login, as well as the password strength requirements they should set.

In case the user confirms that they have clicked on the link in the email, or worse, has provided some information and data for this information scam, the admin will need to take the next steps. to ensure the safety of the account, as well as protect the data that has been shared. 

BILLIONHere are the steps to take after discovering that users in your business have received phishing emails (and may have accidentally clicked on harmful links). However, "fire prevention is better than fire fighting". Make sure you've prepared your employees with the best security settings.

To support its customers, Google has proactively applied the development of technology such as artificial intelligence and gives admins tighter, more useful control. Specifically:

  • Google has been applying Machine Learning into billions of "early warning signs" of phishing emails, thereby training its machine learning model. Thanks to that, the system will quickly detect which emails have potential for fraud and information appropriation. 
  • Admins will have more control with mobile device management installed by default: One of the best ways to protect business data is to protect end-user devices, such as phones. More than 7 million devices are currently being managed with G Suite's Mobile Management solution.
  • Admin can easily observe the security status of the business: With the security center G Suite Security Center, IT admin will get security analysis, better understanding of the current situation of the business as well as recommendations made by Google.

For more detailed information about the above information, please refer to here. Security is always an issue that every business understands its importance, but very few units actually take action to protect users and their own data. If you're an admin or head of a business, we recommend proactively setting up settings and helping employees protect themselves.

Update: Gimasys

Back To Top
0974 417 099