Skip to main content
All CollectionsPhishArmAnalyze Reported Emails
How to resolve reported emails?
How to resolve reported emails?
Soumalya Mitra avatar
Written by Soumalya Mitra
Updated over a week ago

1. Analyze a reported email

When you click on any reported email, you can see all the relevant information about it to enable you to review and resolve a reported email. You will see the following information about a reported email.

a. Basic information

This provides basic information about the reported email such as sender, receiver, reported by and email tags such as SPF, DKIM and DMARC. you can also see which platform was the email reported from

b. HTML tab

This displays the reported email rendered in html

c. Headers Tab

This displays all the headers and their values that were present in the reported email

d. Links Tab

This displays all the links in the reported email and classifies those links as being as one of the following 3 categories.

i. Malicious - URL is not safe to use

ii. Suspicious - Users should use caution while visiting these URLs

iii. Safe - URL does not exhibit any malicious characteristics and is safe to use

e. Domain Tab

This displays the domains to which all the links in the reported email belong and classifies them as being as one of the following 3 categories.

i. Malicious - URL is not safe to use

ii. Suspicious - Users should use caution while visiting these URLs

iii. Safe - URL does not exhibit any malicious characteristics and is safe to use

2. Resolve a reported email

Based on the information provided above, you'll analyze the reported email and conclude about 2 things viz.

a. Is it a malicious email or a safe email?

b. Severity and category of the reported email if it is a malicious email

If the reported email is malicious based on your analysis, you should do the following:

i. Assign a category from the following:

- Threat

- Phishing

- Spam

- BEC (Business Email Compromise)

ii. Assign a severity from the following:

- Low

- Medium

- High

- Critical

iii. Move the reported email from the users inbox to quarantine by clicking on the Quarantine button

iv. Choose to duplicate the reported email using PhishTwin and use it as a phishing email template to train your employee

v. Click on Mark as resolved to mark the reported email as resolved

If, instead, the reported email is not malicious and is safe based on your analysis, you should do the following:

i. Assign a category from the following:

- Secure

- Simulation

ii. Assign a severity from the following:

- Low

- Medium

- High

- Critical

iii. Move the reported email from the quarantine to users inbox by clicking on the Move to Inbox button if the email was moved to quarantine previously

iv. Choose to duplicate the reported email using PhishTwin and use it as a phishing email template to train your employee

v. Click on Mark as resolved to mark the reported email as resolved

Did this answer your question?