If your sales team spends all day in email, they're a big, blinking target for phishing. One click on the wrong link can cause a world of pain—not just for them, but for everyone. Setting up real-time phishing alerts is a no-brainer, but most people either overcomplicate it or set it up once and forget about it. This guide is for anyone who wants to actually protect their sales team using Emailguard, not just tick a compliance box.
Why Real-Time Phishing Alerts Matter for Sales
Sales folks are fast-moving, and their inboxes are chaos. They're a goldmine for phishers: lots of outside contacts, pressure to respond quickly, and a tendency to open things without thinking twice. Relying on weekly security reports or “we train our team” isn’t enough. Real-time alerts mean you catch suspicious stuff before someone clicks it—not after.
But let’s be real: Too many alerts and people start ignoring them. Not enough, and something slips through. The key is striking the right balance and making sure alerts actually reach the people who can do something about it.
What You’ll Need Before You Start
- Access to your company’s Emailguard admin console (if you don’t have this, stop here and go get it)
- A list of your sales team’s email addresses or group (ideally in a CSV or group alias)
- Admin privileges on your email platform (Google Workspace, Microsoft 365, whatever you use)
- Clear agreement on who should get these alerts (just IT? sales managers? everyone?)
Pro tip: Before you mess with live alerts, make sure you have a test group or dummy inbox. You don’t want to spam your entire team while you’re figuring things out.
Step 1: Log in to Emailguard and Find Phishing Alert Settings
First things first, head over to Emailguard and log in with your admin credentials.
- Once you’re in, look for the “Security Policies” or “Threat Detection” section in the sidebar. (Vendors love to move this stuff around, so if you don’t see it, use the search bar at the top.)
- Find the subsection called “Phishing Alerts” or similar. Sometimes it’s buried under “Notifications” or “Incident Response.”
What to ignore: Don’t get bogged down with the “compliance reports” or “weekly summaries.” You want real-time or instant alert settings—the ones that ping users or admins as soon as a threat is detected.
Step 2: Decide Who Gets Alerts (and How)
This is the step most people mess up. If you send every phishing alert to your entire sales team, they’ll tune out fast. If you only notify IT, sales won’t know what hit them. Here’s what works:
- At a minimum: IT/security team gets all phishing alerts.
- Better: Sales managers or team leads get alerts about their team’s inboxes.
- Best: Individual sales reps get personal alerts when something shady targets them—but only if you trust they won’t panic or ignore them.
How to configure:
- In “Phishing Alert Recipients,” add:
- A group email (e.g.
sales-alerts@yourcompany.com) for the sales org, or - Individual addresses for sales managers and key IT folks
- A group email (e.g.
- Choose notification methods: Email, SMS, Slack, whatever fits your workflow.
- Set the urgency. For most, “High” or “Critical” threats should be real-time. “Warning” level? Maybe just a daily digest for IT.
Pro tip: Don’t start by blasting everyone. Start tight, see what comes through, and expand if you need.
Step 3: Fine-Tune What Triggers an Alert
Not every sketchy email needs to set off sirens. Emailguard usually lets you customize this pretty deeply.
- Common triggers worth enabling:
- Emails flagged as “Likely phishing” or “Confirmed phishing”
- Messages with suspicious links or attachments
- Spoofed domains (like fake versions of your website)
- Credential harvesting attempts
- What to skip (at least at first):
- Generic spam (let your normal spam filter handle it)
- “Low confidence” threats (unless you’ve got a super-paranoid culture)
How to do it:
- Find the “Alert Rules” or “Detection Settings” area.
- Enable only the threat types that matter most to sales, like credential theft or fake invoices.
- Set exceptions for known-good senders (like your own finance department), but don’t go wild. Too many exceptions = holes in your net.
What works: Start with stricter settings, then dial back if you’re getting too many false positives. It’s easier to loosen up than to plug holes after the fact.
Step 4: Set Up and Test the Alerts
Before you unleash alerts on your whole sales org, test with a small group.
- Use a test mailbox (or a brave volunteer from sales) and send a few simulated phishing emails. Most email security platforms have built-in testing tools; if not, send yourself a very obvious fake.
- Make sure:
- Alerts arrive where they’re supposed to (email, Slack, whatever)
- They’re understandable—no cryptic codes or “see attached log”
- The right people get them, and no one else does
- Check how quickly alerts come through. If there’s a big delay, something’s wrong.
Pro tip: If the alert message looks like a Russian novel, rewrite it. People should know in ten seconds what to do.
Step 5: Train Your Sales Team—Briefly
You don’t need a 2-hour security seminar. Just cover:
- What a phishing alert looks like (show them an example)
- What to do when they get one (don’t click, forward to IT, etc.)
- Who to call if they’re not sure
Keep it short. Sales people don’t have time (or patience) for long-winded explanations.
Step 6: Monitor, Adjust, and Don’t Set and Forget
After you roll out alerts:
- Watch for alert fatigue. If people start ignoring alerts, you’re sending too many.
- Check for missed threats. If something gets through, tighten your rules.
- Review alert logs weekly for the first month, then monthly.
- Ask your sales team for feedback. If they’re confused or overwhelmed, tweak the settings.
What doesn’t work: “Set and forget.” Attackers change tactics all the time. Keep this on your radar.
Common Pitfalls (and How to Dodge Them)
- Over-alerting: If everyone gets every alert, nobody pays attention.
- Too many exceptions: Every “but this sender is safe!” is a potential hole.
- Ignoring alert customization: Default templates are usually awful. Make them clear and actionable.
- No feedback loop: If you never check if alerts are working, they probably aren’t.
Wrapping Up
Setting up real-time phishing alerts in Emailguard isn’t rocket science, but it’s easy to do badly. Keep things simple, start small, and only alert the people who need to know. Don’t drown your sales team in noise. Tweak as you go, and remember: a little maintenance beats a big cleanup after a breach.
Stay skeptical, check your settings now and then, and you’ll be a step ahead of the phishers.