Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  Training and Awareness  ›  PhishAlarm Report Phish Button  ›  PhishAlarm Google Mail FAQs

Frequently Asked Questions: PhishAlarm for Google Mail

  • Which CMU Domains are provisioned to use PhishAlarm with Google Mail? Only @andrew.cmu.edu.
  • Can PhishAlarm be used with the Gmail app on a smartphone? No, PhishAlarm is only compatible with Google Mail in a web browser.
  • If a student converts an account from student to alumni, what will happen to the PhishAlarm add-on? When a student Andrew account is converted to an alumni account, the student Andrew accont is suspended and moved to a new instance of Google Mail (for alumni) which does not have access to PhishAlarm.
  • Can a user specify which email is to be reported, or do they report the entire email thread? PhishAlarm is only available when interacting with a specific mail message in a thread. PhishAlarm will then display which email is being reported should there be multiple emails expanded in the thread.
  • Can PhishAlarm be uninstalled? No, it cannot be uninstalled at the individual account level.
  • Does Proofpoint (PhishAlarm) collect any personal information? After a suspected phishing email is reported, the contents of the mesage are sent to Proofpoint and stored on their server for up to 30 days for troubleshooting purposes prior to deletion.
  • What happens if confidential information is accidentally identified as phishing with PhishAlarm? If any confidential information is accidentally reported as phish, the Help Center or the Information Security Office will follow the Standard PII Process "Manage PII Data in Service Now"  to remove all sensitive information from the email. The contents of the message will still be submitted to Proofpoint's server and stored for 30 days prior to deletion.
  • What happens to the email after it is reported to the Information Security Office? Once the email is reported to the Information Security Office through PhishAlarm, the original email is then moved to the reporting user's junk mail folder.
  • How can a user determine if an email is a phish or spam? A phish email is a malicious attempt to steal personal information such as password or financial information. Spam is unsolicited advertisement email sent in bulk. For more on the differences between phishing and spam please visit the Phishing vs Spam informational page.
  • I tried to report an email with PhishAlarm but received the following message "Spam and suspicious messages can't be used for recommended content or actions. Try searching messages in your Inbox" What should I do? When Google is able to determine that a message sender is not authenticated and the content is malicious, then Google will not allow any third party Add-on, including PhishAlarm, to access information in the email. For these email messages we ask that you manually report them to iso-ir@andrew.cmu.edu and delete them from your inbox. 
  • Who should users contact for any errors with PhishAlarm? For errors with PhishAlarm you can contact the Information Security Office at iso@andrew.cmu.edu.