The Phish Alert Button (PAB) add-in for Outlook gives your end-users the ability to report suspicious emails and empowers your employees to take an active role in managing the problem of phishing and other types of malicious emails. The tool can also provide your IT or risk management team with early warning of possible phishing attacks or malicious emails so they may take timely and effective actions to prevent security breaches or network compromise.
We encourage you to inform all of your users of this tool before making it accessible. Below are helpful resources that you can use to assist with your implementation of the PAB:
- Best Practices for PAB Implementation (For admins)
- How Do I Use the Phish Alert Button in Outlook? (For end-users)
Paid Integration: If you are using our full-featured Phishing and Training console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails.
- The Outlook Client add-in can be installed on Windows 7/8/10 machines with Outlook 2010/2013/2016 installed, on both 32-bit and 64-bit platforms.
- .NET version 4.5.2 or newer is required.
- Outbound TCP port 443 (SSL/HTTPS) should be open to training.knowbe4.com or eu.knowbe4.com (depending on where your KnowBe4 account is located) on all workstations where the add-in is installed so it can connect to our servers.
- Administrative rights to install software on the workstation.
- In the admin portal, you must enable and configure your PAB. While in the admin portal, you will also need the following items to begin installation:
  - License key
  - PhishAlert.msi file (download)
For instructions on how to enable and configure your PAB in the admin portal, visit our main PAB article.
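The workstation prerequisites listed above can be checked before installing. The following PowerShell script is an added example, not part of the original article; the function names are illustrative, and 379893 is the registry Release value Microsoft assigns to .NET Framework 4.5.2.

```powershell
# Added example: pre-flight check for the PAB workstation prerequisites.
# Function names are illustrative; run from an elevated prompt on the workstation.
$PabHost = 'training.knowbe4.com'   # use eu.knowbe4.com if your account is located there

function Test-DotNet452 {
    # .NET 4.5+ records a Release DWORD here; 379893 or higher means 4.5.2 or newer.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
    return ($release -ge 379893)
}

function Test-OutboundHttps {
    param([string]$HostName, [int]$TimeoutMs = 5000)
    # Plain TCP connect; TcpClient also works on the PowerShell 2.0 shipped with Windows 7.
    # A workstation that reaches the internet only through a proxy will fail this test.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, 443, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-IsAdmin {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$checks = @(
    @{ Name = '.NET 4.5.2 or newer';          Passed = (Test-DotNet452) },
    @{ Name = "Outbound TCP 443 to $PabHost"; Passed = (Test-OutboundHttps -HostName $PabHost) },
    @{ Name = 'Administrative rights';        Passed = (Test-IsAdmin) }
)

$failed = 0
foreach ($check in $checks) {
    if ($check.Passed) { Write-Output "PASS  $($check.Name)" }
    else               { Write-Output "FAIL  $($check.Name)"; $failed++ }
}
exit $failed   # exit code is the number of failed checks
```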
Microsoft disables the use of add-ins in shared mailboxes and folders. Users will only be able to access the PAB add-in from their primary mailbox.
There are three installation methods for the PAB in Outlook Client: standard installation, command-line installation, and Group Policy installation.
The standard installation method allows the PAB add-in to be installed by any user with proper admin permissions. To begin the install, download the PhishAlert.msi file locally from your Account Settings. Double-click the downloaded file to launch the setup wizard, and then follow the steps below:
Step 1: Click the "Next" button.
Step 2: Enter your License Key. This information can be found in your Account Settings.
Step 3: Click the "Next" button.
Step 4: Select the installation folder for the Phish Alert and click the "Next" button.
Step 5: To confirm the installation, click the "Next" button.
Step 6: Your PAB installation is complete. Click the "Close" button.
The command-line installation method allows the PAB add-in to be installed using standard msiexec installation procedures and can be deployed organization-wide using Group Policy.
msiexec /quiet /i PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ALLUSERS=1
This is an example License Key. You can find your License Key under your account settings.
To uninstall from the command line:
msiexec /x PhishAlert.msi
Group Policy installation
The group policy installation method allows the PAB add-in to be installed and deployed organization-wide. We recommend deploying the add-in to one workstation before deploying to the whole organization. To do this, follow the steps below:
Step 1: Create a shared folder on a server (read-only for Domain Computers). Example:
This is a startup script, so it will run as the system account. Make sure Domain Computers have access to the shared folder you create.
Step 2: Copy the PhishAlert.msi file into this directory.
Step 3: Create a batch file named phishalert.bat in this directory with the following contents (making a copy to the C drive is not mandatory):
copy \\server\deploy\PhishAlert.msi C:\
msiexec /quiet /i C:\PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ALLUSERS=1
Step 4: Create your GPO:
- Open the Group Policy Management Console.
- Create a new GPO under Computer Configuration.
- Navigate to Policies > Windows Settings > Scripts and double-click "Startup".
- Click the "Add" button.
- In the script name, enter the full network path to the batch file in your shared folder. Example:
Do not include any spaces in the network path. If the network path has any spaces, the GPO will fail to install.
Step 5: Click "OK" and close the Group Policy Management Console.
- Refresh the group policy on the client by running the gpupdate /force command from the command prompt.
- Check which group policies have been applied to the workstation by running the gpresult /r command from the command prompt on the workstation (as an admin).
PAB will not show up in your Add/Remove programs. To remove it, create a GPO similar to the one above, but place this in the batch file:
msiexec /quiet /x C:\PhishAlert.msi LicenseKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
To verify the installation succeeded, open Outlook on the workstation where you installed the add-in and you should see the PAB in the toolbar.
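A PowerShell equivalent of the phishalert.bat startup script above that also checks the copied file against a known hash and records the msiexec result. This is an added example, not a script from the original article; the log paths, the `$ExpectedHash` placeholder and the `Get-Sha256Hex` helper are assumptions, and the msiexec arguments are the ones shown above plus verbose logging (`/l*v`).

```powershell
# Added example: startup-script install of PhishAlert.msi with logging.
# Paths, $ExpectedHash and Get-Sha256Hex are placeholders, not values from the article.
$Share        = '\\server\deploy\PhishAlert.msi'
$Local        = 'C:\PhishAlert.msi'
$ScriptLog    = 'C:\Windows\Temp\PhishAlert-deploy.log'
$MsiLog       = 'C:\Windows\Temp\PhishAlert-msiexec.log'
$LicenseKey   = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'   # your License Key
$ExpectedHash = '<SHA-256 of the PhishAlert.msi you downloaded>'

function Get-Sha256Hex([string]$Path) {
    # .NET hashing is used so the script also runs where Get-FileHash is unavailable.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

function Write-DeployLog([string]$Message) {
    Add-Content -Path $ScriptLog -Value "$(Get-Date -Format s) $Message"
}

Copy-Item -Path $Share -Destination $Local -Force -ErrorAction Stop

# The startup script runs as the system account, so do not install a file that
# differs from the one the administrator placed on the share.
if ((Get-Sha256Hex $Local) -ne $ExpectedHash) {
    Write-DeployLog 'Hash mismatch on copied PhishAlert.msi; not installing.'
    exit 1
}

$msiArgs = "/quiet /i `"$Local`" LicenseKey=$LicenseKey ALLUSERS=1 /l*v `"$MsiLog`""
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-DeployLog 'PhishAlert.msi installed.' }
    3010    { Write-DeployLog 'PhishAlert.msi installed; reboot required.' }
    default { Write-DeployLog "msiexec failed with exit code $($proc.ExitCode); see $MsiLog" }
}
exit $proc.ExitCode
```

Because the script contains the License Key and runs as the system account, keep the share writable only by administrators and read-only for Domain Computers, as in Step 1.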
Once installed, the PAB add-in will appear as a button in the ribbon area of Outlook, and as a right-click option in an open email.
A user can report any email as a phishing email. Once reported, one of two things will happen:
- Paid Only: If the email was a simulated phishing email from us, there will be a pop-up message telling the user that they correctly identified a simulated phishing attack. This will be reflected in the console as a Reported email.
- If the email was NOT a simulated email, but possibly an actual malicious or phishing email, the email will be forwarded to the email address(es) set in the account area of your console and the email will be attached as a .eml file for analysis by your IT security team. Optionally, you can choose to have a copy of the email forwarded to us for research and analytic purposes. We strongly encourage you to enable this option.
The reported email will be in the user's Sent Items as a forwarded message and deleted from the user's Inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items/Trash.
To instruct your users on how to use the PAB, you can provide our How Do I Use the Phish Alert Button in Outlook? article.