Why Should I Install the Phish Alert Button and How Should I Inform My Users?
Learn how installing the Phish Alert Button (PAB) can benefit your organization and help your users keep the organization secure. Follow our best practices for implementation to inform your users about the tool and its proper use before making it accessible.
Why should I install the PAB?
If your environment supports the installation of our PAB, you can use this tool to help your users engage actively with their security awareness training.
The PAB is an add-in to your mail client (see our PAB compatibility matrix) that enables your users to report a suspected phishing email. The reported message can be a simulated phishing test from KnowBe4 or a possible real cyber-attack.
Your user will receive instant feedback for reporting the email, thanking them for keeping your organization secure. The feedback they receive can be fully customized by you. In addition, the non-simulated phishing emails reported by your users will be forwarded to an email address of your choice. We recommend setting up a separate email address for this purpose, such as firstname.lastname@example.org.
In your PAB account settings, you’ll also see an option to send copies of your reported phishing emails to KnowBe4, and we strongly recommend you do so. We analyze each email that is sent to us through the PAB, which allows us to see real-time trends in new types of phishing attacks reaching our user base. With this information, we can stay current on new methods used by cybercriminals to trick your users and keep our phishing template database up to date.
The PAB accomplishes a number of different things for your organization.
- It streamlines the process of what an employee should do when they receive a potential phishing email. It takes the place of employees forwarding suspicious emails to the IT team, help desk, or their managers.
- It allows you to see real-life phishing attacks that are making it through to your users as soon as they are reported, and you will be better informed to make decisions about your defense-in-depth strategy.
How do I implement the PAB?
To begin the PAB implementation process, we advise account admins to enroll all of their users in a “Phish Alert Button” training campaign. With the proper training module(s) assigned, your users will learn when and how to use the PAB appropriately.
In the ModStore, we provide two PAB training modules:
- Using the Phish Alert Button: Report Suspicious Emails
  - This module teaches your users how to distinguish between spam, phishing, and spear-phishing emails. It is best suited for those wanting to use the PAB to report ONLY malicious emails.
- Using the Phish Alert Button: Report Unsolicited Emails
  - A broad overview of the PAB, this module teaches your users how to safely handle unsolicited emails. It is best suited for those wanting to use the PAB to report all unsolicited emails.
These modules are available at all subscription levels and can be added to your PAB training campaign once purchased.
For this training campaign, we suggest you choose the following settings:
- End Campaign At. We recommend choosing a Relative Duration of 1-2 weeks, meaning each user will have that amount of time to take the training upon their enrollment.
- Content. Choose which PAB training module you'd like to enroll users in. (See the module descriptions above.)
- Enroll Groups. Choose to enroll All Users.
- Automatically enroll users that are added to the above groups in the future. Leave this box checked. This will ensure all new users are assigned the training.
- Notifications. At a minimum, you’ll want to add a Welcome notification here to notify your users of their enrollment in PAB training. We would also recommend adding one to two reminder notifications to encourage the user to complete the training prior to their due date.
For more information on how to set up your training campaigns, see our Training Campaigns & Course Management article.
How can I inform my users about the PAB?
Below are two customizable emails you can send to your users about the PAB. The first email introduces the PAB to your users and explains how and why it should be used. Included in the email are links to all of our end-user PAB articles. Select the article to send to your users based on your installation method. The second email is for use if you decide to enroll your users in optional PAB training before having the PAB installed.
Here is a message you can send to your users to inform them about the new add-in to their email client (Outlook, Exchange, Microsoft 365 (formerly Office 365), or Gmail) and why they should use it:
You may notice a new “Phish Alert Button” in your email client today. Please click this button whenever you receive a suspicious or potentially dangerous email. Upon clicking, the email will be deleted from your inbox and forwarded to our Risk Management team for analysis immediately.
Here is additional information about the Phish Alert Button that may be helpful:
By using this new button, you will help us to keep our organization safe and defend against cyber attacks. Thank you for your participation.
Here is a message you can send to your users to inform them about the new PAB training:
You were enrolled in “Phish Alert Button” training today. The Phish Alert Button (PAB) is an add-in tool that will allow you to easily report unsafe emails in your inbox to our Risk Management team for immediate analysis. The PAB training will teach you how to handle unsafe emails and help you to distinguish between spam, phishing, and spear-phishing emails.
How do I test that my users' PABs are working?
If you would like to test that your Phish Alert Button is working correctly, here is a message you can send to your users to explain how to test their PAB:
This email is to track and test every [[company_name]] employee's Phish Alert Button. Please PAB this email at this time.
If you have any issues using your Phish Alert Button, please contact IT.