Supported editions for this feature: Enterprise; Education Standard and Education Plus. Compare your edition
From this report, you can view the number of messages with suspicious attachments. Attachments that use rare and anomalous filetypes, or attachments from untrusted senders that are either encrypted or contain scripts, pose a higher risk of malicious content.
Note: Untrusted senders are senders with no prior history with the recipient, or that have a low sender reputation.
View the suspicious attachments report
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu SecuritySecurity centerDashboard.
- In the bottom-right corner of the Suspicious attachments panel, click View Report.
Suspicious attachments graph
This graph shows messages broken down as follows:
- Encrypted—Number of messages with encrypted attachments. Encrypted attachments cannot be scanned for malware.
- Contain scripts—Number of messages that contain scripts. Certain documents contain malicious scripts that can harm your devices.
- Anomalous—Number of messages with anomalous attachments. Attachment types that are uncommon for your domain may be used to hide malicious content.
Note: You can hide lines in the graph by clicking on the legend. For example, click Contain scripts to hide this data. This is especially useful if one line overlaps another.
Using the drop-down menus above the graph, you also customize the graph to provide details only about certain types of messages:
Classification: All, Clean, Spam, Phishing, Malware, Suspicious
All—Include all messages.
|Domain||Choose the domain for your report.|
Customize the report to view data from Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days); or enter a Start date and End date. Click Apply after you set the date range.
Note: For this report, data is displayed only for the last 31 days. For example, if you set the parameters for up to 60 days, the data in the report is cut off at 31 days.
To generate a spreadsheet with the graph’s data, click Export Sheet. A spreadsheet corresponding to the data in the graph will be generated and saved to your My Drive folder.
Compare current and historical data
To compare the current data to historical data, in the top right, from the Statistical analysis menu, select Percentile (not available for all Security dashboard charts). You’ll see an overlay on the chart to show the 10th, 50th, and 90th percentile of historical data (180 days for most data and 30 days for Gmail data). Then, to change the analysis, at the top right of the chart, use the menu to change the overlay line.
Suspicious attachments table
To view more details about suspicious attachments on specific dates, click any data point in the graph. For example, you can view data for this report by Subject, Recipient, Sender, IP address, and more.