Phish Alert Button (PAB) Guide for Outlook, Exchange, Microsoft 365, and Google Workspace
The Phish Alert Button (PAB) add-in for Microsoft Outlook, Exchange, Microsoft 365, and Google Workspace (formerly G Suite) gives your users the ability to report suspicious emails. The PAB allows your employees to take an active role in managing the problem of phishing and other types of malicious emails. This can provide your IT security team with an early warning of possible phishing attacks or malicious emails so they can take effective action to prevent security or network compromise.
If you want to know how a PAB installation can benefit your organization or best practices for implementation, visit our Best Practices for PAB Implementation article.
Paid Integration: If you are a KMSAT customer and are using our Phishing feature, the PAB will also track if your users report our simulated phishing emails. You can then see which users are successfully identifying potentially malicious emails.
Jump to:
PAB Installation Guides
Enable and Configure PAB
Multiple PAB Instances
PAB Reporting
Data the PAB Sends to our Servers
PAB Compatibility Matrix
PAB Installation Guides
Installation of the PAB depends on the mail environment in your organization. Below are our main installation guides:
- Exchange (Server-based) install
- Microsoft 365 (Server-based) install
- Outlook (Client-based) install
- Google Workspace extension install (Chrome)
In addition to our installation guides, you can review our PAB installation video tutorial:
Note:
We recommend enabling and configuring your PAB before starting the installation process. Learn how to do this by visiting our Enable and configure Phish Alert section.
Enable and Configure PAB
Step 1: Log in to your KnowBe4 account and navigate to your Account Settings screen. This screen will look different depending on your account version.
-
Free Version: Log in to your console and click the Get Started button. This will take you to the Phish Alert Enabled screen. Skip to Step 3 for further instruction.
-
Paid Version: Log in to your console and click on your email address in the top-right corner of the screen. Select the Account Settings button.
Step 2: Navigate to the Phish Alert section and click the Enable Phish Alert checkbox.
Step 3: Configure your PAB by filling out the fields. Each field is described below:
1) Enable Phish Alert - Check this box if you want to enable Phish Alert for your account. If the checkbox is not checked but you have deployed Phish Alert in your organization, no reporting will be recorded.
2) Icon - Use this option to upload your own custom icon for the Phish Alert Button. The image must be PNG format, should be less than 1 MB in size, and should be a square image between 32 x 32 and 256 x 256 pixels. If left blank, the default PAB icon will be used. For more information, see our article on how to change the PAB icon.
If you have previously installed the Phish Alert Button and this is your first time adding a custom icon, you will need to reinstall the PAB for the change to take effect.
3) License Key - This is the license key you will use to install the Phish Alert Button on your workstations. For Google Apps/Google Workspace Chrome Extension installations, you will not need this, as it is built into your .json Config file automatically.
4) Forward Non-Simulated Phishing Emails to - When the user reports a non-simulated phishing email, a copy of the email including the original headers as an attachment will be forwarded to these email addresses. Emails must be separated by commas.
5) Send Us a Copy - When the user reports a non-simulated phishing email, a copy of the message including original email headers will be forwarded to us. We can then analyze and even create phishing templates to use in future simulated phishing attacks. To learn more about sharing emails with us, please see our Sharing Reported Phishing Emails with KnowBe4 with the Phish Alert Button article.
6) Email Format - This setting is used to select how forwarded emails from the PAB will be formatted. Currently, only Microsoft 365 PAB supports choosing MSG as an attachment format. If you want to forward multiple attachments, configure your registry to allow the PAB to send the EML file, all original attachments, and inline images.
7) Forwarded Email Prefix - This prefix will be added before the original subject line when a non-simulated phishing email is forwarded to the recipients you set in Step 4.
8) Confirmation Message - This message will be displayed to the user after they click the Phish Alert Button, asking them to confirm whether or not they want to report the email. The maximum number of characters for this field is 255.
9) Show a response when the user reports a non-simulated phishing email - When enabled, this message will be displayed to the user when they report a non-simulated phishing email. For this field, the maximum number of characters is 469 for the Client PAB and 500 for the Server PAB.
10) Show a response when the user reports a phishing security test email (Paid Only) - When enabled, the message will be displayed to the user when they report a phishing email that was a simulated phishing email. For this field, the maximum number of characters is 469 for the Client PAB and 500 for the Server PAB.
11) Response Duration __ seconds (Microsoft 365/Google PAB Only) - Use this field to set the length of time the simulated and non-simulated phishing email response messages display after a user reports an email using the PAB. The maximum duration length is 60 seconds.
12) Button Text - The text that will appear on the Phish Alert Button in the user email client.
13) Button Group Text - The label that will appear under the Phish Alert Button in the user email client.
14) Add Language - Click this button to add additional languages to your Phish Alert Button instances. To learn more, please visit the Adding Languages to the Phish Alert Button Guide.
15) Save Phish Alert Settings - Click this button to save any changes made to your Phish Alert Button.
16) Outlook PAB installer for Windows - This is the link to download the latest version of the PAB for Outlook.
17) Exchange 2013, 2016 PAB manifest - This is the manifest file to install the PAB for Exchange 2013, 2016.
18) Microsoft 365 and Outlook Mobile App PAB manifest - This is the manifest file to install the PAB for Microsoft 365 or the Outlook mobile app (Android and iOS).
19) Chrome Extension PAB config file - This is the config file to install the PAB for Google Workspace.
Note:
All settings, except Enable Phish Alert and Forward Non-Simulated Phishing Emails to, will be applied to the mail client once it is restarted.
Updated settings for the Forward Non-Simulated Phishing Emails to option will be applied once a user clicks the PAB to report an email.
Multiple PAB instances
You can set up multiple instances of the PAB for your organization to define unique settings (such as prompt messages or languages) for specific end-users. Adding another PAB instance provides you with an additional license key for your new instance and a new set of editable settings.
Instructions for setting up multiple PAB instances will vary depending on your mail client. To help get you started, see the articles below:
- Setting Up Multiple Phish Alert Button Instances for Your Organization
- Multi-PAB: How to Set Up Multiple PAB Instances in Exchange or Microsoft 365
- Multi-PAB: How to Set Up Multiple PAB Instances in Google Suite
PAB reporting
Free Version: The console Dashboard will display a graph tracking how many phishing emails are being reported by your users. You can download a CSV of this data, which will include the date and number of times the PAB was used by your users.
Paid Version: The console Dashboard will display a graph tracking how many phishing emails are being reported by your users and whether these emails are simulated or non-simulated (potential real phishing attacks). You can download a CSV of this data, which will include the date and number of times the PAB was used by your users. It will also include whether the emails were simulated or non-simulated.
All individual phishing campaign reports will include a checkmark under the Reported column (see below) if a user reports a simulated phishing email from that campaign. This allows admins to see which users are correctly identifying potential threats and paying attention to their inbox.
You can see which phishing emails a user reported in their user profile area, as well as in the Users tab of any phishing campaign in the console.
Example of a user profile showing reported phishing emails:
Data the PAB Sends to our Servers
The PAB communicates with our API over TLS 1.2, which is always securely encrypted. The external IP address, user agent, and other standard browser information are sent to us as part of the standard HTTPS communication.
See below for the information sent from the user's machine to our servers:
- License Key
- PAB Version
- Operating System
- Operating System Architecture (32 or 64 bit)
- Outlook Version
- Windows configured language (EN, DE, etc.)
- OS ID - random GUID generated for each individual workstation
- User's email address (we don't store it unless it is already in our system)
When the email is not a phishing security test and the user clicks the PAB, the reported email is never sent to us (unless you explicitly allow that in your Account Settings). Instead, the PAB communicates with our servers to retrieve the email addresses that the reported email needs to be forwarded to. The email is then forwarded to the email addresses directly from your user's email client. The process is similar to when a user presses the Forward button.
PAB Compatibility Matrix
- Microsoft 365 (Server-based)
- Exchange (Server-based)
- Outlook (Client-based)
- Google Workspace Extension
Microsoft 365 |
|
MICROSOFT WINDOWS |
||
|
Outlook 2019 Outlook 2016 (Click-to-Run) |
Compatible Compatible Compatible |
|
|
APPLE OSX |
Outlook 2016 |
Compatible |
|
ANDROID |
Outlook mobile app |
Compatible |
|
IOS |
Outlook mobile app |
Compatible |
Note: Microsoft 365 PAB is also available for Exchange Server 2016 (Hybrid only) - version 15.1.544.27 (CU3) or newer.
Installation guide: Phish Alert Button Guide for the Outlook Mobile App (iOS and Android) and Microsoft 365
|
Exchange Version |
|||||
|
2013 |
2016 |
2019 |
Microsoft 365 |
||
|
MICROSOFT WINDOWS* |
|||||
|
Outlook 2013 |
Compatible |
Compatible |
Compatible |
Compatible |
|
|
Outlook 2016 |
Compatible |
Compatible |
Compatible |
Compatible |
|
|
Outlook 2019 |
Compatible |
Compatible |
|||
|
APPLE OSX** |
|||||
|
Compatible |
Compatible |
Compatible (until version 16.23) |
|||
*If your users are using Outlook Online, the Exchange version of PAB will not display.
**Note: Server PAB is supported for Mac Outlook 2016 only up until version 16.23 on OSX High Sierra (version 10.13 or newer).
Installation guide: Phish Alert Button Guide for Exchange 2013/2016 (Server-based)
|
MICROSOFT WINDOWS |
|
|
Outlook 2010 |
Compatible |
|
Outlook 2013 |
Compatible |
|
Outlook 2016 |
Compatible |
|
Outlook 2019 |
Compatible |
*Internet Explorer 11 and some other OWA servers require third-party cookies to be enabled.
Installation guide: Phish Alert Button Guide for Outlook (Client-based)
The Google Workspace PAB (GPAB) Chrome extension is compatible with Chrome browsers used in Google Workspace-managed environments. The GPAB is not compatible with mobile devices or applications.
Installation guide: Phish Alert Button Guide for Google Workspace
Comments
0 comments
Article is closed for comments.