Phish Alert Button (PAB) Guide for Outlook, Exchange, Office 365, and GSuite
The Phish Alert Button (PAB) add-in for Microsoft Outlook, Exchange, Office 365, and Google Apps/GSuite gives end-users the ability to report suspicious emails. PAB allows your employees to take an active role in managing the problem of Phishing and other types of malicious emails. This will provide IT with early warning of possible phishing attacks or malicious emails to take effective action to prevent security or network compromise.
If you want to know how a PAB installation can benefit your organization or best practices for implementation, visit our Best Practices for PAB Implementation article.
Paid Integration: If you are using our full-featured Phishing console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails.
Jump to:
PAB installation guides
Enable and configure PAB
Multiple PAB instances
PAB reporting
Data the add-in sends to our servers
PAB compatibility matrix
PAB installation guides
Installation of the PAB depends on the mail environment in your organization. Below are our main installation guides:
- Exchange (Server-based) install
- Office 365 (Server-based) install
- Outlook (Client-based) install
- GSuite extension install (Chrome)
In addition to our installation guides, you can review our PAB installation video tutorial:
Note:
We recommend enabling and configuring your PAB before starting the installation process. Learn how to do this by visiting our Enable and configure Phish Alert section.
Enable and Configure PAB
Step 1: Log in to your KnowBe4 account and navigate to your Account Settings screen. This screen will look different depending on your account version.
-
Free Version: Log in to your console and click the "Get Started" button. This will take you to the Phish Alert Enabled screen. Skip to Step 3 for further instruction.
-
Paid Version: Log in to your console and click on your email address in the top-right corner of the screen. Choose “Account Settings” to enter the Account Settings area.
Step 2: Scroll down to the Phish Alert section and check the Phish Alert Enabled checkbox.
Step 3: Configure your PAB by filling out the corresponding fields. Each field is described below.
1) Enabled - check this box if you want to enable Phish Alert for your account. If the checkbox is not checked but you have deployed Phish Alert in your organization, no reporting will be recorded.
2) Icon - use this option to upload your own custom icon for the Phish Alert Button. The image must be PNG format, should be less than 1 MB in size, and should be a square image between 32 x 32 and 256 x 256 pixels. If left blank, the default PAB icon will be used. For more information, see our article on how to change the PAB icon.
Please note if you have previously installed the Phish Alert Button and this is your first time adding a custom icon, you will need to reinstall the PAB for the change to take effect.
3) License Key - this is the license key you will use to install Phish Alert on your workstations. For Google Apps/GSuite Chrome Extension installations, you will not need this, as it is built into your .json Config file automatically.
4) Forward non-simulated phishing emails to - when the user reports a non-simulated phishing email, a copy of the email including the original headers as an attachment will be forwarded to these email addresses. List the emails here with comma separation.
5) Send us a copy - when the user reports a non-simulated phishing email, a copy of the message including original email headers will be forwarded to us. We can then analyze and even create phishing templates to use in simulated phishing attacks.
6) Forwarded email prefix - when a non-simulated phishing email is forwarded to the recipients you set above, this prefix will be added before the original subject line.
7) Show a message when the user reports a non-simulated phishing email - when enabled, the message will be displayed to the user when they report a non-simulated phishing email. When creating your custom message, be mindful of the maximum character count - Client PAB (469 characters) and Server PAB (500 characters).
8) Paid Only: Show a message when the user reports a phishing security test email - when enabled, the message will be displayed to the user when they report a phishing email that was a simulated phishing email. When creating your custom message, be mindful of the maximum character count - Client PAB (469 characters) and Server PAB (500 characters).
9) Button text - the text that will appear on the Phish Alert button in the user email client.
10) Button group text - the label that will appear under the Phish Alert button in the user email client.
11) Download Outlook add-in installer - the link you use to download the latest version of Phish Alert for Outlook.
12) Download manifest for Exchange 2013, 2016 - this is the manifest file for installation of the add-in for Exchange 2013, 2016.
13) Download manifest for Office 365 (supports mobile) - this is the manifest file for installation of the add-in for Office 365 and the Outlook mobile app (Android and iOS).
14) Download Config file for Chrome Extension - download this file if you're installing the Phish Alert on your organization's Google Apps/GSuite.
Note:
All settings, except Enabled and Forward non-simulated phishing emails to, will be applied to the mail client once it is restarted. For the email address(es) being forwarded the reported phishing emails, the settings will be applied once a user clicks the PAB to report an email.
Multiple PAB instances
You can set up multiple instances of the PAB for your organization to define unique settings (prompt messages, languages, or other) for specific end-users. Adding another PAB instance provides you with an additional license key for your new instance and a new set of editable settings.
Instructions for setting up multiple PAB instances will vary depending on your mail client. To help get you started, review the articles below:
- Setting Up Multiple Phish Alert Button Instances for Your Organization
- Multi-PAB: How to Set Up Multiple PAB Instances in Exchange or Office 365
- Multi-PAB: How to Set Up Multiple PAB Instances in Google Suite
PAB reporting
Free Version: The console Dashboard will display a graph tracking how many phishing emails are being reported by your users. You can download a CSV of this data, which will include the date and number of times the PAB was used by your users.
Paid Version: The console Dashboard will display a graph tracking how many phishing emails are being reported by your users, and whether these emails are simulated or non-simulated (potential real phishing attacks). You can download a CSV of this data, which will include the date and number of times the PAB was used by your users, and if the reported emails are simulated or non-simulated.
All individual phishing campaign reports will include a check mark under the Reported column (see below) if a user reports a simulated phishing email from that campaign. This allows Admins to see which users are correctly identifying potential threats and paying attention to their inbox.
You can see which phishing emails a user reported in their user profile area, as well as in the "Users" tab of any phishing campaign in the console.
Example of a user profile showing reported phishing emails:
Data the add-in sends to our servers
The add-in communicates with our API over SSL, which is always securely encrypted. The external IP address, user agent, and other standard browser information are sent to us as part of the standard HTTPS communication.
Information sent from the user's machine to our servers:
- License Key
- Add-in Version
- Operating System
- Operating System Architecture (32 or 64 bit)
- Outlook Version
- Windows configured language (EN, DE, etc.)
- OS ID - random GUID generated for each individual workstation
- User's email address (we don't store it unless it is already in our system)
When the email is not a phishing security test and the user clicks the PAB, the reported email is never sent to us (unless you explicitly allow that in your account settings). Rather, the add-in communicates with our servers to retrieve the email address(es) the reported email needs to be forwarded to. The email is then forwarded to the email address(es) straight from the email client. The process is similar to when a user presses the Forward button.
PAB compatibility matrix
Office 365 |
|
MICROSOFT WINDOWS |
||
|
Outlook 2019 Outlook 2016 (Click-to-Run) |
Compatible Compatible Compatible |
|
|
APPLE OSX |
Outlook 2016 |
Compatible |
|
ANDROID |
Outlook mobile app |
Compatible |
|
IOS |
Outlook mobile app |
Compatible |
Note: Office 365 PAB is also available for Exchange Server 2016 (Hybrid only) - version 15.1.544.27 (CU3) or newer.
Installation guide: Phish Alert Button Guide for the Outlook Mobile App (iOS and Android) and Office 365
|
Exchange Version |
|||||
|
2013 |
2016 |
Office 365 |
|||
|
MICROSOFT WINDOWS |
|||||
|
Outlook 2013 |
Compatible |
Compatible |
Compatible |
||
|
Outlook 2016 |
Compatible |
Compatible |
Compatible |
||
|
Outlook 2019 |
Compatible |
||||
|
APPLE OSX |
|||||
|
Outlook 2016 |
Compatible |
Compatible |
Compatible |
||
|
WEB BROWSER BASED |
OWA/Outlook Online* |
Compatible |
Compatible |
Compatible |
|
*Exchange (Server-based) PAB is not compatible with Outlook Online when The new Outlook toggle is turned on.
Note: Server PAB is also supported for Mac Outlook 2016 on OSX High Sierra (version 10.13 or newer).
Installation guide: Phish Alert Button Guide for Exchange 2013/2016 (Server-based)
|
MICROSOFT WINDOWS |
|
|
Outlook 2010 |
Compatible |
|
Outlook 2013 |
Compatible |
|
Outlook 2016 |
Compatible |
|
Outlook 2019 |
Compatible |
Installation guide: Phish Alert Button Guide for Outlook (Client-based)
The G Suite PAB (GPAB) Chrome extension is compatible with Chrome browsers used in G Suite-managed environments. The GPAB is not compatible with mobile devices or applications.
Installation guide: Phish Alert Button Guide for Google Suite
Comments
0 comments
Article is closed for comments.