Working with PhishRIP and PhishFlip

Global PhishRIP Guide

If you're a PhishER Plus customer, you can use Global PhishRIP to remove email threats from users' inboxes before they are reported in your organization. Global PhishRIP uses criteria from multiple sources to find and remove similar email threats from your users' inboxes automatically. With this feature, you can help prevent active phishing attacks from entering any inboxes associated with your Microsoft 365 mail server.

Important: You must enable PhishRIP and the Global Blocklist to use Global PhishRIP. For more information, see our How to Use PhishRIP and How to Use the Global Blocklist articles.

To enable Global PhishRIP, see the steps below:

  1. Log in to your PhishER platform.
  2. Navigate to Settings > Blocklist.
  3. Under Find Similar Messages, select the Initiate PhishRIP queries for new Global Blocklist entries check box.
  4. (Optional) Select the Automatically quarantine all found messages check box. This option will move similar emails to the Quarantine folder in the inboxes where they were discovered.
  5. Click Save.

Your mail server will use criteria from active Global Blocklist entries to find similar emails that your users received during the last 72 hours. Global PhishRIP queries will only be created from Global Blocklist entries that use sender or URL attributes.

Your Global PhishRIP queries will display along with other PhishRIP queries on the PhishRIP Queries page. KnowBe4 - Global Blocklist will display in the Originator column for Global PhishRIP queries.

For more information on PhishRIP queries, see the PhishRIP Queries section of our How to Use PhishRIP article.

Can't find what you're looking for?

Contact Support