📖 2 mins read

How to Find and delete Phishing emails in Google Workspace?

There are multiple reasons to have the ability to identify and remove emails that have been received by all or any of your domain users.

Here are some unwanted scenarios:

  • Phishing emails
  • An email is sent to the wrong user or group
  • An email contains inappropriate content
  • An email that contains sensitive information
  • An email that has gone past spam filtering

GAT+ allows Admins to find and remove these emails from all accounts at once.

Find emails

To find the emails in real-time we will use Email content search 

Note: This will find any email as long as it exists in any of your users’ email box.

In GAT+ click on the Email tab then select Email Content Search

GAT Unlock 2.0 | Find and delete Phishing emails 1

In the “query builder” enter the search parameters.

For this example, we search for the Email subject:

  • Query: subject: “Important email for Sales team”
  • Scope: / (top Org.unit)  – include sub.OUs

GAT Unlock 2.0 | Find and delete Phishing emails 2

Click on Search emails 

The result will show all emails with the subject: “Important email for Sales team” – use quotes to get the exact subject name.

GAT Unlock 2.0 | Find and delete Phishing emails 3

Select the emails (by clicking on the check-mark beside the subject) and click on the “Email operations” button above the result.

This will show a menu with options:

  • Access ‘Unlock’ grants
  • Create new access request
  • Access permissions list
  • Download e-mails (EML)
  • Download e-mails (PDF)
  • Remove e-mails (permanent)
  • Remove e-mails (trash only)

GAT Unlock 2.0 | Find and delete Phishing emails 4

Select and click on the Create new access request button.

GAT Unlock 2.0 | Find and delete Phishing emails 5

A pop-up menu will be displayed, fill in the details

  • Request access until – pick the date until access to those emails will be granted
  • Message – Leave an (optional) Message to the Security officer
  • Additional permissions – checkmark to Enable or Disable the option to Allow removing emails 

Click on Send request to proceed.

Security officer

When the request is sent the Security officers receive an email for approval.

GAT Unlock 2.0 | Find and delete Phishing emails 6

The Officer then can approve or deny the request.

When it is approved, click on Email content search and select Previous searches 

GAT Unlock 2.0 | Find and delete Phishing emails 7

From the Previous searches ( Recent email content searches ) select any of the green checkmarks under Actions.

This will open the previous results and the Email operations button will be displayed

GAT Unlock 2.0 | Find and delete Phishing emails 8

From the options select the Access permissions list 

A pop-up menu will be displayed, select the newly approved request ( Investigating suspicious emails to the Sales team )

GAT Unlock 2.0 | Find and delete Phishing emails 9

Result

Click on the checkmark under the Actions.

This will load the result and emails.

On the right side under Actions, the Admin can take individual action on each of the emails

  • Download as PDF
  • Download as EML
  • Show email content 

GAT Unlock 2.0 | Find and delete Phishing emails 10

On the left side – select the emails (bulk) and click on the Email operations button

GAT Unlock 2.0 | Find and delete Phishing emails 11

Bulk options will be available.

  • Download e-mails (EML)
  • Download e-mails (PDF)
  • Remove e-mails (permanent)
  • Remove e-mails (trash only)

As a result, Admin can apply live search on the domain find all phishing or accidental emails, request access to them to View their content, Download and Remove emails ( individually or in bulk )

 

If you would like to run a trial of our products please install GAT+ from the Google Workspace Marketplace and contact us at support@gatlabs.com with any questions you may have.

To request a demo please click here and fill the form, we will get back to you in less than 12 hours during weekdays.

If you tried GAT in the past and you would like to run a fresh trial again, please enquire through this form.

 

Thanks for sharing and spreading the word!