The Phish Alert Button (PAB) add-in for Microsoft Outlook, Exchange, Microsoft 365, and Google Workspace (formerly G Suite) gives your users the ability to report suspicious emails. The PAB allows your employees to take an active role in managing the problem of phishing and other types of malicious emails. The PAB can provide your IT security team with an early warning of possible phishing attacks or malicious emails so that they can take effective action to prevent security or network compromise.
To learn how installing the PAB can benefit your organization and for best practices for implementation, visit our Best Practices for PAB Implementation article.
Paid Integration: If you are a KMSAT customer and are using our Phishing feature, the PAB can track if your users are identifying and reporting our simulated phishing emails.
PAB Installation Guides
Installation of the PAB depends on the mail environment in your organization. Below are our PAB installation guides:
- Hybrid PAB (Microsoft and Exchange) Product Manual
- Gmail Add-On Product Manual
- Outlook (Client-based) Product Manual
- Google Workspace (Chrome) Product Manual
In addition to our installation guides, you can review our PAB installation video tutorial and our PAB Matrix to determine which PAB is right for your organization.
We recommend enabling and configuring your PAB before starting the installation process. Learn how to do this by visiting our Enable and configure Phish Alert section.
Enable and Configure PAB
Step 1: Log in to your KnowBe4 account and go to your Account Settings screen. This screen will look different depending on your account version.
Free Version: Log in to your console and click the Get Started button. This will take you to the Phish Alert Enabled screen. Skip to Step 3 for further instruction.
Paid Version: Log in to your console and click on your email address in the top-right corner of the screen. Select the Account Settings button.
Step 2: Go to Account Integrations > Phish Alert and click the Enable Phish Alert checkbox.
Step 3: Click the green Add Phish Alert Instance button.
Step 4: Configure your PAB by filling out the fields. Each field is described below:
1) Enable Phish Alert - Check this box if you want to enable Phish Alert for your account. If the checkbox is not checked but you have deployed Phish Alert in your organization, no reporting will be recorded.
2) Icon - Upload your own custom icon for the Phish Alert Button. If left blank, the default PAB icon will be used. To learn more about the image requirements for the icon, visit our article on How to Change the PAB Icon.
If you have previously installed the Phish Alert Button and this is your first time adding a custom icon, you will need to reinstall the PAB for the change to take effect.
3) License Key - The license key you will use to install the Phish Alert Button on your workstations. If you are using Google Apps with the Google Workspace Chrome Extension, your license key is automatically built into your .json Config file.
4) Send Non-Simulated Emails to - Enter the email addresses that should receive a copy when a user reports a non-simulated phishing email. The copy, including the original headers as an attachment, is sent to the email addresses in this field. Email addresses must be separated by commas.
5) Send Us a Copy - Send a copy of the user-reported non-simulated phishing email, including the original email headers, to KnowBe4 for analysis. We can use these emails to create phishing templates to use in future simulated phishing attacks. To learn more about sharing emails with us, visit our Sharing Reported Phishing Emails with KnowBe4 with the Phish Alert Button article.
6) Email Format - Select how forwarded emails from the PAB should be formatted. If you want to forward multiple attachments, configure your registry to allow the PAB to send the EML file, all original attachments, and inline images.
7) Enable Email Forwarding - When enabled, this option allows you to forward emails to services that require email forwarding, such as Proofpoint.
8) Forwarded Email Prefix - This prefix will be added before the original subject line when a non-simulated phishing email is forwarded to the recipients you set in the Forward Non-Simulated Phishing Emails to field.
9) Confirmation Message - This message will be displayed to the user after they click the Phish Alert Button. By default, this message asks the user to confirm whether or not they want to report the email. The maximum number of characters for this field is 255.
10) Show a response when the user reports a non-simulated phishing email - When enabled, this message will be displayed to the user when they report a non-simulated phishing email. For this field, the maximum number of characters is 469 for the Client PAB and 500 for the Server PAB.
11) Show a response when the user reports a phishing security test email (Paid Only) - When enabled, the message will be displayed to the user when they report a phishing email that was a simulated phishing email. For this field, the maximum number of characters is 469 for the Client PAB and 500 for the Server PAB.
12) Response Duration __ seconds - Set the length of time the email response messages are displayed. The maximum duration is 60 seconds.
13) Button Text - The text that will appear on the Phish Alert Button in the user's email client.
14) Button Group Text - The label that will appear under the Phish Alert Button in the user's email client.
15) Add Language - Click this button to add additional languages to your Phish Alert Button instances. To see if your version of the PAB is compatible with the additional languages feature, visit the Adding Languages to the Phish Alert Button Guide.
16) Save Phish Alert Settings - Click this button to save any changes made to your Phish Alert Button.
17) Outlook PAB installer for Windows - Use the PhishAlert.msi installation file to download the latest version of the PAB for Outlook.
18) PAB manifest for Microsoft products - Use this manifest file to install the PAB for Microsoft 365 or Exchange.
19) Chrome Extension PAB config file - This is the config file to install the PAB for Google Workspace.
All settings, except Enable Phish Alert and Forward Non-Simulated Phishing Emails to, will be applied to the mail client once it is restarted. The updated settings for the Forward Non-Simulated Phishing Emails to option are applied once a user clicks the PAB to report an email.
Multiple PAB instances
You can set up multiple instances of the PAB for your organization to define unique settings for specific end-users, such as prompt messages or languages. Adding another PAB instance gives you an additional license key for your new instance and a new set of editable settings.
Instructions for setting up multiple PAB instances will vary depending on your mail client. To help get you started, see the articles below:
- Setting Up Multiple Phish Alert Button Instances for Your Organization
Your organization can use the Phish Alert Button to report suspected phishing emails with a free or paid KnowBe4 account. The PAB offers additional information on your users' clicks based on your account type.
The console Dashboard displays a graph that tracks how many phishing emails are being reported by your users. You can download a CSV of this data, which will include the date and number of times the PAB was used by your users.
The console Dashboard displays a graph tracking how many phishing emails are being reported by your users. A CSV can be downloaded that includes the following data: the date, the number of times the PAB was used, and whether the emails were simulated or non-simulated.
Individual phishing campaign reports include a checkmark under the Reported column if a user reports a simulated phishing email from that campaign. These checkmarks allow admins to see which users are correctly identifying potential threats.
You can see which phishing emails a user reported in their user profile area, as well as on the Users tab of any phishing campaign in the console.
What Data is Sent to our Servers?
The PAB communicates with our API over TLS 1.2, so the connection is encrypted. The external IP address, user agent, and other standard browser information are sent to us as part of the standard HTTPS communication.
Listed below is the information that is sent from your user's machine to our servers:
- License Key
- PAB Version
- Operating System
- Operating System Architecture (32 or 64 bit)
- Outlook Version
- Windows configured language
  - The language code, such as EN for English, DE for German, and so on.
- OS ID
  - A random GUID generated for each individual workstation.
- User's email address
We do not store your users' email addresses unless they are already in our system.
When the user reports an email that is not a simulated phishing test, the reported email will not be sent to us unless you have the Send Us a Copy setting enabled in your Account Settings. When enabled, the email is forwarded to the email addresses directly from your user's email client. The process is similar to when a user presses the Forward button.