Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska Kiswahili ไทย Türkçe Українська Tiếng Việt 简体中文 中文 (香港) 繁體中文

Phish Alert Button Guide for Outlook (Client-based)

Avatar
Orlandria Heggs
Updated
Follow

How to Install and Use Phish Alert Button for Outlook

The Phish Alert Button (PAB) add-in for Outlook gives your end-users the ability to report suspicious emails and empowers your employees to take an active role in managing the problem of phishing and other types of malicious emails. The tool can also provide your IT or risk management team with early warning of possible phishing attacks or malicious emails so they may take timely and effective actions to prevent security breaches or network compromise.

Paid Integration: If you are using our full-featured Phishing and Training console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails

We encourage you to inform all of your users of this tool before making it accessible. Below are helpful resources that you can use to assist with your implementation of the PAB:

For instructions on how to enable and configure your PAB in the admin portal, visit our main PAB article.

Note:

For more information on PAB's compatibility with different mail clients and servers, click here.

 

Jump to:
Installation Prerequisites
Installation Methods

User Experience
 Additional Resources

 

Installation Prerequisites

  • For the Outlook Client add-in, you must have the add-in installed on Windows 7/8/10 machines with Outlook 2010/2013/2016/2019 installed on both 32 and 64-bit platforms.
  • .NET version 4.5.2 or newer is required.
  • Port 443 TCP (SSL/HTTPS) should be open outbound for SSL/HTTPS connections to training.knowbe4.com or eu.knowbe4.com on all workstations where the add-in is installed.
  • You must have administrative rights to install software on the workstation.
  • You'll need the following information to enable and configure your PAB in the KnowBe4 admin portal:
    • License Key
    • PhishAlert.msi file (download)
  • A third-party cookie may be required if you are using Internet Explorer 11 or another OWA server.

 

Installation Methods

There are three installation methods for the PAB in Outlook Client:

Back to top

 

Standard Installation

The Standard installation method allows the PAB add-in to be installed by any user with the proper administrative permissions.

To begin the installation, download the PhishAlert.msi file from your KnowBe4 Account Settings and then follow the steps below:

  1. Double-click the file download to the setup wizard.
  2. Click the Next button.

  3. Enter your License Key found in your Account Settings.
  4. Click the Next button.

  5. Select the installation folder for the Phish Alert and click the Next button.

  6. To confirm the installation, click the Next button.

  7. Your PAB installation is complete. Click the Close button.

Back to top

 

Command-line Installation

The Command-line installation method allows the PAB add-in to be installed using standard msiexec installation procedures and can be deployed organization-wide using Group Policy.

Installation command:

msiexec /quiet /i PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ALLUSERS=1

Note:

This is an example License Key. You can find your License Key in your KnowBe4 account settings.

Removal command:

msiexec /x PhishAlert.msi

Back to top

 

Group Policy Installation

The Group Policy installation method allows the PAB add-in to be installed and deployed organization-wide. We recommend deploying the add-in to one workstation before deploying it to the whole organization.

To begin the installation, follow the steps below:

  1. Create a shared folder on a server (read-only for Domain Computers):

    C:\deploy

    Shared to:

    \\server\deploy

    Note:

    This is a startup script, so it will run as the system account. Make sure Domain Computers have access to the shared folder you created to deploy the add-in.

  2. Copy the PhishAlert.msi file into this directory.
  3. Create a batch file named phishalert.bat, similar to the one below, in the \\server\deploy directory:

    copy \\server\deploy\PhishAlert.msi C:\

    msiexec /quiet /i C:\PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ALLUSERS=1
    del C:\PhishAlert.msi

  4. Create your GPO:
    1. Open the Group Policy Management Console.
    2. Create a new GPO under Computer Configuration.
    3. Navigate to Policies > Windows Settings > Scripts > Double-click Startup.
    4. Click the Add button.
    5. In the script name, write the full network path, without spaces, to your shared folder and the script bat file:

      \\server\deploy\phishalert.bat

  5. Click OK and close the Group Policy Management Console.
  6. To verify the installation succeeded, open Outlook on the workstation you installed and you should see the PAB in the toolbar.

Helpful commands:

  • Refresh the group policy on the client by running the gpupdate /force command from the command prompt.
  • As an admin, check for the group policies installed on the workstation by running the gpresult /r command from the command prompt on the workstation.

Removal:

Since the PAB will not show up in your Add/Remove programs, create a similar GPO like the above example to remove the PAB. Make sure to place the following in the batch file:

msiexec /quiet /x C:\PhishAlert.msi

Back to top

 

User Experience

Once installed, the PAB add-in will appear as a button in the ribbon area of Outlook, and as a right-click option in an open email.

 

Outlook now offers a new UI feature that can be enabled by the New Outlook toggle at the top of the mail client. 

 

A user can report any email as a phishing email. Once reported, one of two things will happen:

    1. Paid Only: If the email was a simulated phishing email from us, there will be a pop-up message telling the user that they correctly identified a simulated phishing attack. This will be reflected in the console as a Reported email.

    2. If the email was NOT a simulated email, but possibly an actual malicious or phishing email, the email will be forwarded to the email address(es) set in the account area of your console and the email will be attached as a .eml file for analysis by your IT security team. You can also choose to have a copy of the email forwarded to us for research and analytic purposes. We strongly encourage you to enable this option.

The reported email will be in the user's Sent Items as a forwarded message and deleted from the user's Inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items/Trash.

To instruct your users on how to use the PAB, you can provide our How Do I Use the Phish Alert Button in Outlook? article.

Back to top

 

Additional Resources

Back to top

 

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles