Best Practices for Implementing the PAB
The Phish Alert Button (PAB) allows your users to report malicious emails to help keep your organization secure. In this article, you will learn about the benefits of the PAB and our recommendations for how to implement the PAB in your organization. To see which version of the PAB is best for your organization, see our PAB Compatibility Matrix. For general information about the PAB, see our Phish Alert Button (PAB) Product Manual.
Benefits of the PAB
The PAB enables your users to report suspected phishing emails and other malicious emails. If your organization’s mail environment supports the PAB, your users can use this tool to protect your organization from cyberattacks. The PAB can benefit your organization in the following ways:
- Your users can use the PAB to report simulated phishing tests or potential phishing emails. The PAB provides an easy option for your users to report suspicious emails without sending the emails directly to your IT team, help desks, or managers.
- When your users click the PAB to report an email, they will receive an instant message thanking them for keeping your organization secure. You have the ability to customize this message, if you’d like. For more information, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.
- When your users report a non-simulated phishing email, we can forward this email to an email address of your choice. We recommend that you set up a separate email address for this purpose, such as firstname.lastname@example.org. For more information, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.
- You can send copies of reported phishing emails to KnowBe4 for analysis. We analyze these emails to learn about new phishing attacks and to create new phishing email templates, such as our Reported Phishes of the Week templates. For more information, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.
- When users use the PAB to report an email, you will be able to see real phishing emails that your users receive. You can use this information to make decisions about your defense-in-depth strategy.
How to Teach Your Users About the PAB
To begin the PAB implementation process, we recommend that you enroll all users in a PAB training campaign. With the proper training assigned, your users will learn when and how to use the PAB. Before you create the training campaigns, we recommend that you email your users to notify them about the training. For an example email, see the How to Inform Users About the PAB section below.
We offer several PAB training modules in the ModStore. To learn more about each of these training modules, see the information below:
- Using the Phish Alert Button: Basic Use: This module provides a short overview of the PAB and how your users can use this tool.
- Using the Phish Alert Button: Report Suspicious Emails: This module teaches your users about the differences between spam emails, phishing emails, and spear-phishing emails. This training is best if you’d like your users to report malicious emails only.
- Using the Phish Alert Button: Report Unsolicited Emails: This module provides a broad overview of the PAB and teaches your users how to safely handle unsolicited emails. This training is best if you’d like your users to report all unsolicited emails.
- When You Report, We Get Stronger: This module provides an overview of the PAB and explains the benefits of using the PAB in your organization.
- When You Report, We Get Stronger -- COVID-19 PAB: This module provides an overview of the PAB and explains the benefits of using the PAB to protect your organization from COVID-19 phishing emails.
These modules are available at all subscription levels and can be added to your PAB training campaign.
If you’d like to create a PAB training campaign, we recommend you choose the following settings:
- End Date: We recommend that you choose a Relative Duration of one or two weeks. This setting will allow your users to take their training over a period of one or two weeks.
- Content: Choose which PAB training module you'd like to enroll users in. See the description above for more information about the training options.
- Enroll Groups: Select All Users.
- Enable automatic enrollment for new users: Keep this check box selected. This setting will ensure all new users are assigned the training.
- Notifications: At a minimum, you’ll want to add a Welcome notification to notify your users of their enrollment in PAB training. We also recommend that you add one to two reminder notifications to encourage users to complete the training prior to the training due date.
For more information on how to set up training campaigns, see our Creating and Managing Training Campaigns article.
How to Inform Users About the PAB
We recommend that you inform your users about the PAB. In the section below, we have included two customizable emails that you can send to your users to inform them about the PAB.
The first email informs your users that they’ve been enrolled in optional PAB training before the PAB is installed.
The second email introduces the PAB and explains how your users should use this tool. Included the email template are links to all of our PAB articles for users. You can select the article that you’d like to send to your users based on your PAB installation method.
Click the emails in the drop-down list below to see the template for each email.
Note: We recommend that notify your users about their PAB training prior to beginning the training campaign. We also recommend that you send training notifications to your users to inform them about their training and remind them to take their training. To send a training campaign notification, see the How to Teach Your Users About the PAB section above. For more information about training campaigns, see our Customizing Training Notifications article.
See the sample email below:
You have been enrolled in “Phish Alert Button” training. The Phish Alert Button (PAB) is an email add-in that will allow you to easily report unsafe emails to our IT team for immediate analysis. The PAB training will teach you how to handle unsafe emails and help you to distinguish between spam emails, phishing emails, and spear-phishing emails.
Please complete this training prior to the due date. Your participation will help us to keep our organization safe and defend against cyberattacks.
Note: Before you send your email, be sure to select the correct article from the bulleted list below. We recommend that you choose the article that explains how to use the PAB for your users’ mail client.
See the sample email below:
You may notice a new “Phish Alert Button” in your inbox today. You can use this button to report any suspicious or potentially dangerous emails. If you get a suspicious email, click the Phish Alert button and the email will be deleted from your inbox and forwarded to our IT team for analysis.
See the article linked below for information about where the Phish Alert Button is located and how to use the Phish Alert Button:
- How Do I Use the Phish Alert Button in Outlook?
- How Do I Use the Phish Alert Button for Exchange?
- How Do I Use the Phish Alert Button for Microsoft 365?
- How Do I Use the Phish Alert Button in Gmail?
By using this new button, you are helping to keep our organization safe and defend it against cyberattacks.
Thank you for your participation.
How to Test the PAB
If you would like to test your PAB to ensure that it works, we recommend that you create a PAB test campaign. In the PAB test campaign, you can test the PAB and monitor the campaign results to see if the PAB works for your users. To create the test campaign, you will create a phishing campaign with a custom template. For information on how to create a phishing campaign, see our Creating and Managing Phishing Campaigns article. For information on how to create a custom template, see our Customizing Emails & Landing Pages article.
When you create the test campaign template, you can use the following message or customize the message to your liking:
This email is to track and test every [[company_name]] employee's Phish Alert Button (PAB). Please PAB this email at this time.
If you have any issues using your PAB, please contact our IT team.
If you would like help setting up a PAB test campaign, you can contact our support team or your Customer Success Manager.