Reporting a Phishing Email

If you receive a phishing email that you have not interacted with (e.g., clicking links, replying, or calling), follow the procedures below. For any other suspicious activity or suspected/actual incidents or breaches, refer to the ‘Reporting Cybersecurity Incidents.’

IN THIS ARTICLE

Using a Trinity Fellowship Email Account

Using a Non-Trinity Email Account

Report Phishing Button vs SPAM button

Using a Trinity Fellowship Email Account

If you are using a Trinity Fellowship email account, you should have a Report Phishing Button in the sidebar. It looks like a fish hook (see image below). To report a phishing email from your Trinity account, use the steps below:

Report Phishing button in web browser
Report Phishing button in Gmail app & Show side panel button on desktop website
  1. While viewing the email, click on the Report Phishing Icon in the Gmail sidebar (or at the bottom of the message in the mobile app).
  2. Click on the Report Phishing Button in the window that opens.
  3. Delete the email (if necessary).

If you have any issues using the Report Phishing Button, forward the email to support@trinityinfo.org, then delete the email.



Using a Non-Trinity Email Account:

Related to Trinity Fellowship?

If the phishing email contained a reference to Trinity Fellowship, your role at Trinity Fellowship, or a pastor, staff member, elder, leader, member, or attender of Trinity Fellowship, follow the steps below:

  1. Forward the email to support@trinityfellowship.com
  2. Delete the email.

Not Related to Trinity Fellowship?

If the email did not concern Trinity Fellowship, use the built-in SPAM/Junk mail button in your email console to mark the email for your email provider. 

Report Phishing Button vs SPAM Button

The Report Phishing button is the correct way to report suspicious emails. The built-in SPAM or Junk button in your email client trains your personal mailbox filter, it does not notify anyone of a potential threat.

Key Reasons to Use the Report Phishing Button

  • Notifies IT/Security – Reported emails are automatically sent to the security team for analysis and response.
  • Protects the Organization – If the message is part of a broader phishing campaign, IT can block or remove it from other mailboxes before damage occurs.
  • Improves Threat Detection – Data from reported messages helps strengthen our defenses and email filtering systems.
  • Supports Security Awareness Training – If the email was part of a phishing simulation, your report is logged as a successful detection.
  • Reduces False Positives – Unlike the SPAM button, which may classify legitimate emails as junk, the Report Phishing button ensures suspected malicious emails are reviewed and handled appropriately.

Summary

Always use the Report Phishing button when you receive a suspicious or unexpected email. The built-in SPAM/Junk button should only be used for routine unsolicited marketing emails (aka: junk mail), not for potential phishing attempts. Reporting through the correct method helps protect both your account and the entire organization.