The Phish Alert Button (PAB) add-in for Microsoft Outlook, Microsoft Exchange, Microsoft 365, and Google Workspace gives your users the ability to report suspicious emails.
In this article, you will learn how to enable and configure the PAB, choose the PAB installation guide best suited for your organization, and how to set up multiple PAB instances.
To learn how installing the PAB can benefit your organization and for best practices, see our Best Practices for Phish Alert Button (PAB) Implementation article.
What Data Is Sent to Our Servers?
The PAB communicates with our API over TLS 1.2, which is securely encrypted. The external IP address, user agent, and other standard browser information are sent to us as part of the standard HTTPS communication.
The information that is sent from the user's machine to our servers is listed below:
- License Key
- PAB version
- Operating system (OS)
- Operating system architecture
- This includes 32-bit or 64 bit.
- Microsoft Outlook version
- Windows configured language
- This is the language code. For example, EN for English, DE for German, and so on.
- Operating System ID
- This is a random GUID generated for each individual workstation.
- User's email address
- We do not store your users' email addresses unless it is already in our system.
When the user reports an email that is not a simulated phishing email, the reported email will not be sent to us unless you have the Send Us a Copy setting enabled in your Account Settings. When this setting is enabled, reported emails are forwarded to us, and to the email addresses specified in your Account Settings. For more information about this setting, see the Enable and Configure PAB section below.
Enable and Configure PAB
Before you install the PAB, you will need to enable and configure the PAB in your Account Settings. To enable and configure the PAB, follow the steps below.
- Log in to your KnowBe4 console and navigate to your Account Settings screen. This screen will look different depending on your account version.
Free Version: If you have a free account, log in to your console and click the Get Started button. When you click, you will be taken to the Phish Alert Enabled screen. Skip to Step 3 for further instructions.
Paid Version: If you have a paid account, log in to your console and click on your email address in the top-right corner of the screen. Then, select Account Settings.
- Navigate to Account Integrations > Phish Alert.
- Select the Enable Phish Alert checkbox.
- Click the green Add Phish Alert Instance button.
Configure your PAB by filling out the fields in your Account Settings. For information about these fields, see below:
1. Enable Phish Alert: Select this check box if you want to enable Phish Alert Button for your account. If you deploy the PAB in your organization but you don't select this check box, your organization's PAB reports will not be recorded.
2. Icon: Upload your own custom icon for the Phish Alert Button. If you do not upload a custom icon, the default PAB icon will be used. To learn more about the image requirements for the icon, see our article on How to Change the PAB Icon article.
If you have previously installed the Phish Alert Button and this is your first time adding a custom icon, you will need to reinstall the PAB for the change to occur.
3. License Key: Use the license key to install the Phish Alert Button on your workstations. If you are using Google Apps with the Google Workspace Chrome extension, your license key is automatically built into your config .json file.
4. Send Non-Simulated Emails to: If a user reports a non-simulated email, you can send a copy of this email to specific users in your organization. To send these users a copy of these emails, enter the users' email addresses in this field. Email addresses must be separated by commas. Any simulated emails will not be forwarded.
5. Send Us a Copy: Enable this setting to send a copy of reported non-simulated phishing emails to KnowBe4 analysis. This email will include the original email header. We can use these emails to create phishing templates to use in future simulated phishing attacks. To learn more about sharing emails with us, see our Sharing Reported Phishing Emails with KnowBe4 with the Phish Alert Button (PAB) article.
6. Email Format (Outlook and Hybrid PAB Only): Select how forwarded emails from the PAB should be formatted. If you want to forward multiple attachments, configure your registry to allow the PAB to send the EML file, all original attachments, and inline images.
7. Autofill Phishing Languages with PAB Locale (Outlook and Hybrid PAB Only): If you enable this setting, the PAB will autofill your users' profiles with their preferred phishing languages if that field is blank. For more information on how to set individual user languages, see our Localization Guide.
8. Enable Email Forwarding (Outlook and Hybrid PAB Only): If you enable this setting, you will be able to forward emails to services that require email forwarding, such as Proofpoint. This setting requires that the Email Format setting be set to .MSG.
9. Forwarded Email Prefix: This prefix will be added before the original subject line when a non-simulated phishing email is forwarded to the recipients you set in the Forward Non-Simulated Phishing Emails to field.
10. Confirmation Message: This message will be displayed to users after they click the Phish Alert Button. By default, this message asks the user to confirm whether or not they want to report the email. This field has a maximum of 255 characters.
11. Show a response when the user reports a non-simulated phishing email: If you enable this setting, the user will see this message when they report a non-simulated phishing email. This field has a maximum of 469 characters for the Client PAB and 500 characters for the Server PAB.
12. Show a response when the user reports a phishing security test email (Paid Only): If you enable this setting, the user will see this message when they report a simulated phishing email. This field has a maximum of 469 characters for the Client PAB and 500 characters for the Server PAB.
13. Response Duration __ seconds: Set the length of time the email response messages appear on the screen. The maximum duration is 60 seconds.
14. Button Text: This is the text that will appear on the Phish Alert Button in the user's email client.
15. Button Group Text: This is the text will appear under the Phish Alert Button in the user's email client.
16. Add Language: Click this button to add additional languages to your Phish Alert Button instances. This feature is only compatible with specific versions of the PAB. To see if your version of the PAB is compatible with the additional languages feature, see our Adding Languages to the Phish Alert Button article.
17. Save Phish Alert Settings: Click this button to save any changes made to your Phish Alert Button settings.
18. Outlook PAB installer for Windows: Download this PhishAlert.msi installation file to download the latest version of the PAB for Microsoft Outlook.
19. PAB manifest for Microsoft products: Download this manifest file to install the PAB for Microsoft 365 or Microsoft Exchange.
20. Chrome Extension PAB config file: Download this is the config file to install the PAB for Google Workspace.
All settings, except Enable Phish Alert and Forward Non-Simulated Phishing Emails to, will be applied to the mail client once it has restarted. The updated settings for the Forward Non-Simulated Phishing Emails to option will be applied once a user clicks the PAB to report an email.
PAB Installation Guides
Installation of the PAB depends on the mail environment in your organization. Our PAB installation guides are listed below:
- Hybrid Phish Alert Button Product Manual
- This product manual is for the hybrid PAB for Microsoft 365 and Microsoft Exchange
- Gmail Add-On Product Manual
- Outlook (Client-based) Product Manual
- Google Workspace (Chrome) Product Manual
In addition to our installation guides, you can watch review our Phish Alert Button Installations and User Experiences video tutorial and review our PAB Compatibility Matrix to determine which PAB is right for your organization.
Multiple PAB Instances
You can set up multiple instances of the PAB for your organization. Setting up multiple instances allows you to define unique settings for specific users, such as prompt messages or additional languages. When you add a PAB instance, you will receive an additional license key and you can customize the instance's settings.
To set up multiple PAB instances, see the articles below:
- How to Set Up Multiple Phish Alert Button Instances
If you have a paid account, your Dashboard will display a graph that tracks how many phishing emails your users have reported. You can download a CSV file that includes the following data: the date, the number of times the PAB was used, and whether the emails were simulated or non-simulated.
You can see which phishing emails a user reported in their user profile area, as well as on the Users tab of any phishing campaign in the console.