Articles in this section

Gmail Add-In (KillPhish Lite)

Overview

This article details how to configure and deploy the Gmail Add-In (KillPhish Lite). This plugin allows users to report emails in Gmail. KillPhish Lite does not allow advanced scanning/scoring of emails, collection of header information, or a custom-reported success message to be displayed after a user reports an email. Additionally, it cannot be white labeled (a custom branding name and icon cannot be set).

Use the links below to jump to a section:

  1. Configuring KillPhish Lite
  2. Deploying KillPhish Lite

Configuring KillPhish Lite

To configure the Gmail Add-In (KillPhish Lite), you must navigate to Administration > Settings > Reporting Settings > Gmail Add-In (KillPhish Lite) tab on the PhishingBox portal. 

Below details each configuration option available for the Gmail Add-In (KillPhish Lite).

  • Reporter Email Address - this is the email address reported emails are sent to. The Reporter Email Address is defined on the General Reporting tab in Reporting Settings
  • Include The Blue Box in Reported Emails - when turned on, reported messages will contain The Blue Box -- a summary of information appended to the top of the reported messages, which contains information about the reported message.
  • Include Message Body below The Blue Box - when turned on, the message body will be included in reported emails, below The Blue Box.
  • Send Message Body to Portal Server - when turned on, the message body will be sent to the portal server. Using the two settings below, you can choose how the reported message is included in the reported emails.
  • Include Message Body as an Attachment in Reported Emails - when turned on, the message body will be included as a .eml attachment in reported emails.
  • Store Large EML Files Indefinitely - EML files of reported emails that are larger than 25MB cannot be directly attached to reported messages. Instead, they will be stored on the Portal server, and a download link will be provided in the reported email. When this setting is enabled, large attachments will remain accessible via the link until you request deletion from the Portal server. If this setting is disabled, you can specify how long these attachments should be retained on the server.
  • Require Login to Portal to Download Large EML Files - When turned on, users must log in to Portal to download large EML files of reported emails.
  • Send Simulated Phishing Emails to Reporter Addresses - when turned on, simulated phishing emails from PhishingBox that are reported will be sent to the Reporter Email Address and Additional Reporter Addresses.

Deploying KillPhish Lite

A Google Workspace admin account is required to deploy KillPhish Lite. Follow the steps below to deploy the add-in:

  1. Navigate to admin.google.com > Apps > Google Workspace Marketplace apps > Apps List

     
  2. Click "INSTALL APP"
  3. Search for "KillPhish"
  4. Click on the KillPhish Lite card (if you are on EU, you'll want to install KillPhish for EU)
  5. Click the button
  6. Finish the installation by selecting your Admin account and clicking "Install"

You have now installed KillPhish Lite for Gmail! For instructions on using the KillPhish Lite add-on, please see our Using the Gmail Add-In (KillPhish Lite) article.

 

Was this article helpful?
0 out of 0 found this helpful