The Phish Alert Button (PAB) add-in for Outlook gives your end-users the ability to report suspicious emails and empowers your employees to take an active role in managing the problem of phishing and other types of malicious emails. The tool can also provide your IT or risk management team with early warning of possible phishing attacks or malicious emails so they may take timely and effective actions to prevent security breaches or network compromise.
Paid Integration: If you are using our full-featured Phishing and Training console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails
We encourage you to inform all of your users of this tool before making it accessible. Below are helpful resources that you can use to assist with your implementation of the PAB:
- Best Practices for PAB Implementation (For admins)
- How Do I Use the Phish Alert Button in Outlook? (For end-users)
For instructions on how to enable and configure your PAB in the admin portal, visit our main PAB article.
For more information on PAB's compatibility with different mail clients and servers, see our PAB Compatibility Matrix.
- Standard Installation
- Command-line Installation
- Group Policy Installation
- Shared Mailboxes Installation
- For the Outlook Client add-in, you must have the add-in installed on Windows 7/8/10 machines with Outlook 2010/2013/2016/2019 installed on both 32 and 64-bit platforms.
- .NET version 4.5.2 or newer is required.
- Port 443 TCP (SSL/HTTPS) should be open outbound for SSL/HTTPS connections to training.knowbe4.com, eu.knowbe4.com, or ca.knowbe4.com on all workstations where the add-in is installed.
- You must have administrative rights to install software on the workstation.
- You'll need the following information to enable and configure your PAB in the KnowBe4 admin portal:
- License Key
- PhishAlert.msi file (download)
- A third-party cookie may be required if you are using Internet Explorer 11 or another OWA server.
Outlook PAB can now be installed without network connection or when using a network incapable account to install. If Outlook PAB is installed or uninstalled without a network connection, the PAB will not be able to increment or decrement the installed devices count.
There are three installation methods for the PAB in Outlook Client:
The Standard installation method allows the PAB add-in to be installed by any user with the proper administrative permissions.
To begin the installation, download the PhishAlert.msi file from your KnowBe4 Account Settings and then follow the steps below:
- Double-click the file download to the setup wizard.
- Click the Next button.
- Enter your License Key found in your Account Settings.
- Click the Next button.
- Select the installation folder for the Phish Alert and click the Next button.
- To confirm the installation, click the Next button.
- Your PAB installation is complete. Click the Close button.
The Command-line installation method allows the PAB add-in to be installed using standard msiexec installation procedures and can be deployed organization-wide using Group Policy.
msiexec /quiet /i PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ALLUSERS=1
This is an example License Key. You can find your License Key in your KnowBe4 account settings.
msiexec /x PhishAlert.msi
Group Policy Installation
The Group Policy installation method allows the PAB add-in to be installed and deployed organization-wide. We recommend deploying the add-in to one workstation before deploying it to the whole organization.
To begin the installation, follow the steps below:
- Create a shared folder on a server (read-only for Domain Computers):
This is a startup script, so it will run as the system account. Make sure Domain Computers have access to the shared folder you created to deploy the add-in.
- Copy the PhishAlert.msi file into this directory.
- Create a batch file named phishalert.bat, similar to the one below, in the \\server\deploy directory:
copy \\server\deploy\PhishAlert.msi C:\
msiexec /quiet /i C:\PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ALLUSERS=1
- Create your GPO:
- Open the Group Policy Management Console.
- Create a new GPO under Computer Configuration.
- Navigate to Policies > Windows Settings > Scripts > Double-click Startup.
- Click the Add button.
- In the script name, write the full network path, without spaces, to your shared folder and the script bat file:
- Click OK and close the Group Policy Management Console.
- To verify the installation succeeded, open Outlook on the workstation you installed and you should see the PAB in the toolbar.
- Refresh the group policy on the client by running the gpupdate /force command from the command prompt.
- As an admin, check for the group policies installed on the workstation by running the gpresult /r command from the command prompt on the workstation.
Since the PAB will not show up in your Add/Remove programs, create a similar GPO like the above example to remove the PAB. Make sure to place the following in the batch file:
msiexec /quiet /x C:\PhishAlert.msi
Shared Mailboxes Installation
The shared mailboxes installation method allows you to use the Outlook desktop client version of PAB across your shared mailboxes. Please note that the users with shared mailbox access must be using the client MSI. In order to set up using this method, you can create a new PAB instance and download the Outlook PAB installer (PhishAlert.msi) file. You can use the license key from the new PAB instance to install the new PAB instance.
For more information, see our How to Set Up Multiple Phish Alert Button Instances article.
Once installed, the PAB add-in will appear as a button in the ribbon area of Outlook, and as a right-click option in an open email.
Outlook now offers a new UI feature that can be enabled by the New Outlook toggle at the top of the mail client.
A user can report any email as a phishing email. Once reported, one of two things will happen:
- Paid Only: If the email was a simulated phishing email from us, there will be a pop-up message telling the user that they correctly identified a simulated phishing attack. This will be reflected in the console as a Reported email.
- If the email was NOT a simulated email, but possibly an actual malicious or phishing email, the email will be forwarded to the email address(es) set in the account area of your console and the email will be attached as a .eml file for analysis by your IT security team. You can also choose to have a copy of the email forwarded to us for research and analytic purposes. We strongly encourage you to enable this option.
The reported email will be in the user's Sent Items as a forwarded message and deleted from the user's Inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items/Trash.
To instruct your users on how to use the PAB, you can provide our How Do I Use the Phish Alert Button in Outlook? article.
- Video: PAB Installation and User Experience
- PAB Compatibility Matrix
- FAQ: Phish Alert Button (PAB)
- How to Set Up Multiple Phish Alert Button Instances