How to Use the Phish Alert Button in Gmail
Your organization may have recently installed the Phish Alert Button (PAB) in your Chrome browser. Learn how this tool works and how you can use it to help keep your organization safe from malicious phishing emails.
When do I use it?
Click the PAB anytime you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded to a designated contact within your organization for analysis.
The PAB should only be used to report emails you believe to have malicious intent. If you are receiving spam or marketing emails, you should not use the PAB. You can delete these types of emails or add the sender or sender's email domain to a block list.
The steps for blocking an email sender vary based on your email client. Contact your supervisor or IT team with any questions.
How do I use it?
Once the Phish Alert add-in is installed, upon your next Chrome restart, you will be prompted with a message to "Allow" the KnowBe4 Phish Alert app. Click the "Allow" button on this message.
After allowing the Phish Alert app, you will see the PAB as an orange Phish Hook within Gmail. You can use the Phish Hook to report any email as a phishing email, but you cannot use the PAB to report multiple emails at once. Each potential phishing email should be reported individually. However, if an email has multiple emails associated with it, ALL of the emails will be reported when you report the single email.
In order to report potential phishing emails using the Google Phish Alert extension, you must be logged in to Google Chrome and your Gmail account.
There are three ways to report an email as a phishing email:
1) Click the Phish Hook while viewing the email.
2) Select the checkbox to the left of the email while in the inbox view. Then, click the Phish Hook.
3) Click the drop-down on the top-right while viewing the email. Then, click the "Phish Alert" text.
By using any one of the three options, the email you report will be forwarded to an email address designated by your organization and then deleted from your inbox. If you report an email in error, you can retrieve the email from your Trash/Deleted Items.
Why should I use it?
Reporting emails will help your organization stay safer. Because the potential phishing emails you report are sent for analysis to your organization, your organization will now be aware of which phishing attacks are able to reach their employee inboxes. Once they're aware of possible vulnerabilities, they can better defend against them. You are an important part of the process of keeping your organization safe from cybercriminals. Stop, Look, and Think!