Chrome Extension PAB

Google Workspace Phish Alert Button (PAB) Product Manual

The Phish Alert Button (PAB) Chrome Extension for Google Apps or Google Workspace gives your end-users the ability to report suspicious emails and empowers your employees to take an active role in managing the problem of phishing and other types of malicious emails. The tool can also provide your IT or risk management team with early warning of possible phishing attacks or malicious emails so they may take timely and effective actions to prevent security breaches or network compromise.

Paid Integration: If you are using our full-featured Phishing and Training console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails.

We encourage you to inform all of your users of this tool before making it accessible. To help inform your users, here are helpful resources that you can use to assist with the implementation of the PAB:

For instructions on how to enable and configure your PAB in the admin portal, visit our main PAB article.

Important:You MUST whitelist our application in order to use the Google PAB for Chrome. Please see the How to Whitelist the KnowBe4 Phish Alert Button (PAB) for Chrome article for instructions on how to whitelist the Google PAB.

Installation Prerequisites

  • If you have not whitelisted already, please see the How to Whitelist the KnowBe4 Phish Alert Button (PAB) for Chrome article for instructions on how to whitelist the Google PAB.
  • For the Chrome extension only, you must have the extension installed on Windows/Mac/Linux and Chrome operating systems managed by Google Workspace.
  • End users must be logged in to Google Chrome and their Gmail account.
  • End users' profiles must be synced with Google Workspace while using Google Chrome.
  • You'll need the following Custom URL or Chrome App Extension ID:
    • Custom URL: https://chrome.google.com/webstore/detail/knowbe4-phish-alert/hfokdlmjeppdmpbngjpnlnijogcecaop
    • Chrome App Extension ID: hfokdlmjeppdmpbngjpnlnijogcecaop
  • You must have administrative rights to your organization's Google Apps or Google Workspace account.
  • Chrome Management must be enabled for your domain or Organizational Units.
  • You must enable and configure your PAB in the KnowBe4 admin portal. You’ll also need to download the following file to begin installation:
    • phish_alert_configuration.json file

Cloud Policy Installation Method

If you are having trouble installing the Google PAB through the Chrome Web Store, you can also install the PAB through a cloud policy. Please note that this step will authorize the necessary permissions for the PAB to function on a domain-wide level so that the users aren't required to allow the permissions when they receive the Google PAB extension.

Important: Chrome Management must be enabled in order to deploy the Google Workspace Phish Alert Button. To learn how to enable Chrome management in Google Workspace, review Google's Turn on Chrome browser management article.
  1. In the Google Workspace Admin Console, go to Devices > Chrome > Apps & extensions > Users & browsers.
  2. Click the + sign at the bottom of the page and select Add Chrome App or extension by ID
  3. Provide the Extension ID found in step 9 of the Chrome Web Store Installation Method section.
  4. Paste the JSON details into the Policy for extension field and click Save.
  5. Whitelist the PAB following the instructions listed in the How to Whitelist the KnowBe4 Phish Alert Button (PAB) for Chrome article.
  6. Go to Security > API Controls and select the Domain Wide Delegation option. 
  7. Click Add New and paste the following Client ID and OAuth Scopes:
    Client ID:
    682409154127-0iivv9sj7c06t2niq3cb54l8tshdj0gq.apps.googleusercontent.com
      

    OAuth Scopes:
    https://www.googleapis.com/auth/gmail.modify,
    https://www.googleapis.com/auth/gmail.send,
    https://www.googleapis.com/auth/userinfo.profile
  8. Click Authorize.
  9. In the Apps & extensions window, click your top-level domain to edit the App settings for users at that domain.
    Tip:If your organization uses Google Groups for Business, you can select specific Groups for Business that you would like to force the PAB Chrome extension to. 
  10. Under the Installation policy header, select Force Install for the domain you selected, or your selected organizational units (OUs).
  11. Click Save.

Chrome Web Store Installation Method

  1. Whitelist our application using How to Whitelist the KnowBe4 Phish Alert Button (PAB) for Chrome article. You will not be able to use the GPAB unless you have whitelisted.
  2. Log in to your KnowBe4 account and download the phish_alert_configuration.json file from your Account Settings.
  3. Ensure you're logged in as an Admin to your organization's Google Apps or Google Workspace account. When you're in Gmail, you can click on the top-right button to access your Admin area.

  4. Click the Admin icon to access your G Suite Admin area.
  5. Click Devices.

  6. Click Chrome.

  7. Click Apps & Extensions.

    If you are using the classic view for Google Admin, proceed to the section below.

  8. First, click the + button (see 1 below) on the bottom right of your screen, then click the Add Chrome App or extension by ID button (see 2 below).

  9. On the Add Chrome app or extension by ID screen, enter the extension ID and then click Save.

      • Extension ID: hfokdlmjeppdmpbngjpnlnijogcecaop
    Note:If you are using the Custom URL Installation Method, skip to step 2 of that section after following steps 1-9 from above.
  10. Click your top-level domain in the left-hand panel to edit the App settings for users at that domain. If you want to install the PAB Chrome extension for only specific organizational units (OUs), click that specific OU instead of your top-level domain.

  11. Click the drop-down menu next to the ID and select Force install. Force install will prompt your users to allow the PAB to be installed during their next Chrome restart with a pop-up window. Ensure you inform your users you'll be installing the PAB Extension, so they know to approve the install. If you'd like a customizable email template you can use to inform your users about the PAB, check out this article on our Knowledge Base.

    Note:If you are installing on an OU, install the Phish Alert Button as allow install on the top-level domain and as force install on the OU.
  12. Click on the application name to open the settings menu. This menu will open on the right-hand side of your screen. Copy and paste the contents of your configuration file phish_alert_configuration.json into the Policy for extensions field of the settings.

How to Install the Google PAB Using the Classic View

If you are still using the classic view for Google Admin, use the steps below to install the Google PAB.

  1. Follow steps 1-6 in the instructions in the section Chrome Web Store Installation Method.
  2. Click on the three dots located in the upper right-hand corner to open your settings, then click Add custom app from the drop-down.
  3. On the Add custom app screen, enter the following information, then click ADD:

  4. Click User settings for the new app.
  5. Under User settings, click your top-level domain to edit the App settings for users at that domain. You can also choose only specific groups you want to force the PAB Chrome extension to, depending on if you've set up groups in G Suite.
  6. Turn on Force Installation for the domain you selected, or your selected organizational units (OUs) -- this will prompt your users to allow the PAB to be added during their next Chrome restart with a pop-up window. Make sure you inform your users you'll be installing the PAB Extension so they know to approve the install.
  7. Upload your Configuration file: phish_alert_configuration.json.
  8. Click SAVE.

How to Uninstall

  1. Ensure you're logged in as an admin to your organization's Google Apps/G Suite account. When you're in Gmail, you can click the top-right button to access your Admin area.
  2. Click the Admin icon to access your G Suite Admin area.
  3. Click Devices.
  4. Click Chrome management.
  5. Click Apps & Extensions.

    If you are using the classic view for Google Admin, proceed to the section below.

  6. Click on the PAB Extension ID in your list of apps: hfokdlmjeppdmpbngjpnlnijogcecaop.

  7. Your settings will open on the right-hand side of your screen. Click the trash can icon to remove the app.

How to Uninstall the Google PAB Using the Classic View

If you are still using the classic view for Google Admin, use the steps below to uninstall the Google PAB.

  1. Follow steps 1-5 in the instructions in the Chrome Web Store Installation Method section.
  2. Hover over the app icon to the left of the PAB Extension ID: hfokdlmjeppdmpbngjpnlnijogcecaop.
  3. Check the box that appears.
  4. Click on settings, the three dots, in the top-right corner.
  5. Select Remove app(s).

User Experience

Once the PAB add-in is installed, upon their next Chrome restart, your users will be prompted with a pop-up message to Allow the KnowBe4 PAB app. They must click Allow on this pop-up message.

After allowing the PAB app, your users will see the PAB as an orange Phish Hook within Gmail.

A user can use the Phish Hook to report any email as a phishing email. The reported email will be in the user's Sent Items as a forwarded message and will be deleted from the user's Inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items/Trash.

Note: Users cannot use the PAB to report multiple emails at once. However, if an email has multiple emails associated with it, ALL of the emails will be reported when you report the email.
Note: The PAB uses Campaign Recipient ID (CRID) validation to detect whether or not an email that is marked with a training header is a simulated phishing email. If a message has a valid CRID and is reported for the first time (within the past hour) from the same account where the PAB was installed, it will be treated as simulated. A simulated message will be deleted and only shown as reported in the console instead of forwarded to PhishER.

To instruct your users on how to use the PAB, you can provide our How To Use the Phish Alert Button (PAB) in Gmail for Google Chrome article.

Additional Resources

Can't find what you're looking for?

Contact Support