PhishER Change Log

Use this article to stay up-to-date with changes to KnowBe4's PhishER platform.

Note:Changes to PhishER may include new, updated, deprecated, or removed features. KnowBe4 reserves the right to terminate access to, use of, and support of features that are included as part of the Subscription Services, which is common with SaaS services as they are constantly changing and improving. This allows us to adapt to the evolving cybersecurity industry so we can provide current, high-quality services.

See the table below for a list of updates, with the latest updates displayed at the top.

Release Date	Description
June 2026	June 12, 2026 - We've added Microsoft Teams message support to your PhishER Inbox! When your users report suspicious Microsoft Teams messages using the Microsoft Teams Phish Alert Button (PAB), those messages now appear in the new Chats tab of your PhishER Inbox. From the Chats tab, you can filter messages by category, status, and priority. When you click an individual message, the Chat Message Details page displays the message sender, recipient, source, and chat type, along with a preview of the message content, extracted URLs, and any attachments. For more information, see our PhishER Product Manual.
May 2026	May 7, 2026 - We’ve released an integration for KnowBe4’s Defend and PhishRIP, available for Microsoft 365! For accounts with both PhishER and Defend, you can select the Enable Defend Integration check box from the PhishRIP subtab of your PhishER Settings. This integration combines the search capabilities and the Remediation options of PhishRIP and Defend to run PhishRIP queries and manage found messages efficiently. For more information, visit our PhishRIP Guide.
April 2026	April 30, 2026 - You can now export PhishRIP query results directly from the PhishER console to use in external reporting, SIEM platforms, and automated workflows. This eliminates the need for manual data transcription and makes it easier to connect PhishER findings to your broader incident response process. For more information, see our PhishRIP Guide.
March 2026	March 16, 2026 - We’ve added advanced features for the PhishER Blocklist and PhishRIP! From the Preferences subtab of your PhishER Settings, you can enable three new configuration options that provide greater flexibility, but require careful configuration. These options allow you to create blocklist entries that never expire, run PhishRIP queries with only one match criterion, and create new PhishRIP queries based on your own match criteria instead of messages reported to your Inbox. For more information, visit our PhishER Settings: Account article. March 12, 2026 - To provide a more consistent user experience, we’ve updated the default redirect behavior for the PhishER console as a next step for a new backend authentication system. Now, when you log out of PhishER or if your session expires, you’ll be sent to a URL that matches the PhishER domain. The “training.” and “phisher.” subdomains will continue to vary based on your specific instance location. The redirect links will take care of any previously saved URLs for PhishER. However, you may need to update your password manager with the new URLs. Old URL: training.knowbe4.com/app/login?per_redirect=/ New URL: phisher.knowbe4.com/login This update is related to the changes we made to the login pages for both the KSAT and PhishER consoles, beginning November 24, 2025. For additional information about these platform enhancements, see our Login Page and Navigation Menu Overview article. March 10, 2026 - We’ve added a feedback option for PhishML! You can now help us improve PhishML by providing feedback about the results in the PhishML Confidence section of the Message Details page.
February 2026	February 23, 2026 - We’ve added the Detection Threshold option to the VirusTotal subtab of your PhishER Settings! This option allows you to set a threshold of antivirus scanner detections that determines if an attachment or URL is malicious. For more information, see our Integrate VirusTotal with Your PhishER Console article. February 5, 2026 - We’ve added a VMRay integration for the PhishER console. This integration allows you to analyze potential phishing emails and send the results back to PhishER via the Product API. For more information, see our Integrate VMRay into Your PhishER Console article.
January 2026	January 26, 2026 - We’ve added an Exaforce integration for the PhishER console. This integration allows you to access phishing and security awareness data, retrieve reporting data, and use phishing alert intelligence and features through the Product API. For more information, see our Integrate Exaforce into Your KSAT and PhishER Consoles article. January 13, 2026 - We’ve added the ability to identify and track phishing message campaigns in your PhishER Inbox! Now, PhishER analyzes the subject and body of reported messages to group all related messages together. From the Similar subtab in your Message Details, you can review and compare these similar messages to identify coordinated phishing campaigns. For more information, see our Viewing the Sidebar section of our PhishER Inbox Guide. This feature will be gradually released to all accounts.

Release Date	Description
December 2025	December 1, 2025 - We’re excited to announce the release of our new navigation menu, enhanced login page, and updated KnowBe4 logo! These updates will be rolled out by region, on the following schedule: Dec 1, 2025: EU Dec 2, 2025: US For additional information, see our Login Page and Navigation Menu Overview article.
November 2025	November 24, 2025 - We’re excited to announce the release of our new navigation menu, enhanced login page, and updated KnowBe4 logo! These updates will be rolled out by region, on the following schedule: Nov 24, 2025: DE Nov 25, 2025: UK Nov 26, 2025: CA For additional information, see our Login Page and Navigation Menu Overview article.
October 2025	October 20, 2025 - We've released the YARA Rule Generator for PhishER Plus! This feature simplifies rule creation by automatically generating YARA rule syntax based on your description. For more information, visit the Creating Rules Using the YARA Rule Generator section of our Create and Manage PhishER Rules article. This feature will be gradually released to all PhishER Plus accounts.
June 05, 2025	We've updated the Enable Hidden Quarantine Folder feature! Now, when a new PhishER account is created, the Hidden Quarantine Folder will be toggled on by default when PhishRIP is enabled. For more information, see our PhishRIP Guide.
May 15, 2025	We've added a new PhishRIP feature for Microsoft 365: the Enable Hidden Quarantine Folder check box. When enabled, this feature automatically moves future quarantined messages to a hidden folder in Outlook, enhancing security by helping users avoid accessing potentially malicious content. For more information, see our PhishRIP Guide.
April 28, 2025	We've released user communication via the Discussion Panel! This feature enables external communication between PhishER admins and users who report emails using the Phish Alert Button (PAB). From the Message Details page of your Inbox, you can now have conversations with users who report messages with the PAB. The Discussion subtab displays the full conversation and allows you to send an external message from the PhishER console when the user responds. For more information, see our Viewing the Actions and Discussion section of our PhishER Inbox Guide.
April 7, 2025	We've launched the KnowBe4 Academy! Now, you can learn how to use and integrate KnowBe4's products successfully. The following modules are now available: PhishER 101 KSAT 101 Free Tools 101 KnowBe4 101 For more information, see our KnowBe4 Academy Guide.
March 3, 2025	We've added the ability to tag messages automatically based on the reporting email address! In the Reporting Emails subtab of your PhishER Settings, you can create a custom tag for each email address. When emails are reported to your PhishER Inbox, PhishER will automatically assign the tag for the specific email address. For more information, visit our PhishER Settings: Account article.
February 12, 2025	We've added the Specify Reporters option to the Actions Details page! This option allows you to set up an action that triggers when specific users report emails. For more information, visit our Create and Manage PhishER Actions article.

Release Date	Description
December 19, 2024	We've added the PhishML Confidence option to the Actions Details page! This option allows you to set a threshold of PhishML confidence values that will trigger your action. For more information, visit our Create and Manage PhishER Actions article. This feature will be gradually released to all accounts.
December 10, 2024	We've released PhishML Insights for PhishER Plus! From the Message Details page of your Inbox, you can run PhishML Insights to learn more about PhishML's analysis of messages. This feature provides details about how PhishML determined if a message is clean, spam, or a threat. For more information, visit our PhishML Insights Guide.
November 26, 2024	We've released an XM Cyber Security Control Monitoring (SCM) integration to the PhishER console. This integration provides you with insights into the configuration and activation of security controls. For more information, see our Integrating XM Cyber's SCM with PhishER article in our Knowledge Base.
November 12, 2024	We've released Global PhishRIP for PhishER Plus! This feature uses crowd-sourced, verified information about PhishRIP queries to automatically find and remove email threats from inboxes associated with your Microsoft 365 or Google Workspace mail server.
September 24, 2024	We've improved PhishML's ability to analyze and classify the language used in the content of reported emails. This improvement will be delivered to your PhishER console automatically.
September 19, 2024	We've released the ability to delete users in your PhishER console! After you revoke a user's PhishER permissions from the Users subtab of your PhishER Settings, you can use the Delete User option in the Actions column to delete the user from the console.
September 18, 2024	We've added a FortiSOAR integration to the PhishER console. This integration allows you to pull emails into PhishER to add and update tags, comments, and dispositions. For more information, see the PhishER integration documentation from FortiSOAR.
September 10, 2024	We have released the Downloads subtab and Alerts for your PhishER console! Reports and large files that you generate in your console are now listed in the Downloads subtab of your PhishER Settings. When a newly generated file is ready to download, you will receive an alert from the Alert subtab of the user icon at the bottom of the navigation bar. For more information, read our PhishER Settings: Account article.
August 12, 2024	We've added an Onyxia integration to the KnowBe4 console. This integration allows you to send information from PhishER to Onyxia to get strategic cybersecurity program recommendations. For more information, see our Integrate Onxyia with Your PhishER Console article
May 2024	We've released Threat Intel for PhishER Plus! KnowBe4's Threat Intel integration is powered by Webroot BrightCloud Security Services. This integration allows PhishER to automatically scan and analyze URLs using Webroot's threat intelligence database. For more information, read our Integrate Threat Intel with Your PhishER Platform article.
April 2024	We've added the QR Code Decoder! This feature operates in the background of your platform to automatically scan for QR codes in reported emails. When the QR Code Decoder detects a QR code in the body of a message, it extracts the URL embedded in the QR code and assigns a tag to the message. For more information, read the QR Code Decoder Tags section of our Create and Manage PhishER Rules article.
March 2024	We've added the User Mailboxes Selection setting for PhishRIP queries! From the Mail Servers subtab of your PhishER Settings, you can update your mail server instances to create lists of email domains or regular expressions. PhishRIP queries will only search in the mailboxes of users who have a matching domain or regex string from your created lists. For more information, read our PhishER Settings: Integrations article.

Release Date	Description
November 2023	We've added new system rules! From the Rules tab in your platform, KnowBe4 now provides four additional system rules to help you manage messages in your Inbox.
October 2023	We've added a CrowdStrike Falcon Sandbox integration to PhishER Plus! This integration allows you to send data to your CrowdStrike Falcon platform to safely analyze attachments and URLs from reported emails in a protected sandbox environment. For more information, read our How to Integrate CrowdStrike with Your PhishER Platform article.
September 2023	We've added system actions for new PhishER users! From the Actions tab in your platform, KnowBe4 now provides several actions to help you manage the messages in your Inbox. These actions can be enabled and used with minimal configuration, allowing you to start reviewing reported emails immediately.
August 2023	We have released PhishER Plus! This new subscription includes the Global Blocklist and Global PhishRIP features. You can use these features to strengthen your organization's email filters and prevent active phishing attacks by combining crowd-sourced information with existing features in your platform. To learn more, see our PhishER Plus product page.
June 2023	We've added the Audit Log feature for your PhishER Blocklist! From the Blocklist tab in your platform, you can click the Audit Log subtab to view information about when entries are created, deleted, and synced with mail servers. For more information, see our How to Use the PhishER Blocklist article.
January 2023	We've released the new PhishER Blocklist feature! The blocklist synchronizes with your Microsoft 365 mail server to automatically filter malicious and spam emails from your users' inboxes. From the Blocklist tab, you can create and manage a unique list of blocklist entries for your organization. For more information, see our How to Use the PhishER Blocklist article. We've also added a Mail Servers tab, which allows you to connect and manage your mail servers. For more information, see our PhishER Settings article.

Release Date	Description
December 2022	We've added the option for reporting email addresses to only receive manually-reported emails. If you enable this option, PhishER will recognize emails with EML attachments as manually-reported emails. You can find the Forwarded Only setting in the Reporting Emails sub-tab of your PhishER Settings. For more information, see our PhishER Settings article.
August 2022	We've added the new Resource Center feature to your platform. From the Resource Center, you can view a full list of product guides and release notes, search our Knowledge Base, and create support tickets. For more information, see the Using the Resource Center section of our How to Use the Product Guide Feature article. We've released the new product guide feature. Product guides walk you through specific features to help you get the most out of your platform. For more information, see our How to Use the Product Guide Feature article. We've added global variables to allow you to update multiple rules at once if the rules use the same strings. In the Rules section of your platform, you can create global variables from the Global Variables tab. You can use either the Basic Editor or Advanced Editor to create rules containing global variables. For more information, see our How to Write YARA Rules article and PhishER Product Manual. You can now set a password to protect the files and attachments that you download from reported messages in PhishER. To set a password, enable the Password Protect Downloads setting in the Preferences tab of your PhishER Settings.
July 2022	In the PhishRIP section of your platform, we've added the option to filter messages by the PhishFLIP status. For general information about PhishRIP, see our PhishRIP article.
April 2022	We've released our new Basic Editor feature for rules. This feature guides you through creating a custom rule in PhishER. Rules are logical expressions used to disposition emails forwarded to your PhishER inbox. For more information, see our How Do I Create a Rule and Action in PhishER? article.
February 2022	We've updated our PhishRIP feature to support more than one instance of Microsoft 365 and Google Workspace. For more information, see our PhishER Settings article. We've improved the User Comments and Email Disposition feature for the Hybrid PAB. Now, this feature adds tags and user discussions to your platform. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.
January 2022	We've added the option to send notifications to your users based on your different rooms in PhishER. You can send these notifications to multiple users over a specific timeframe. You can customize notifications to only alert users when a room has more or less than the desired number of emails. For more information, see the Notifications section of our PhishER Settings article.

Release Date	Description
October 2021	We've updated our YARA Rule version to now support YARA version 4.1.2. For more information, see our How to Write YARA Rules article and YARA's documentation.
September 2021	We've released an improvement to our PhishRIP queries.
July 2021	We've updated our Custom DKIM feature to now allow you to add your own custom signing domains to your platform. For more information, visit our How to Enable and Customize DKIM Signatures in PhishER article. We've released our new PhishER APIs to allow you to evaluate all of the suspicious emails that make it through to your users' inboxes. For more information, see our KnowBe4 API Reference Guide and our KnowBe4 PhishER API article. We've released Custom DKIM signatures for PhishER. Admins can now use allowed domains as signing domains for PhishER. For more information, see our PhishER Settings article. You can now use PhishFlip without having to have PhishRIP enabled. In order to access the PhishFlip feature, you must have full PhishRIP Security Role access. See our PhishFlip and our PhishER Settings articles for more information. You can now retry your failed PhishRIP Queries. You can use the Retry button to run the query again without creating a new query. See our PhishRIP article for more information.
June 2021	We've added a new filtering drop-down menu in the Domains and URLs section and the Attachment section of the Message Details. You can use these filters to only view the domains, URLs, or attachments that you're interested in. For more information, see our PhishER Product Manual.
May 2021	We've released our new PhishFlip feature. This feature allows you to create KSAT phishing templates from the user-reported emails that were sent to PhishER. For more information, see our PhishFlip article.
March 2021	We've added the option to create webhooks for your platform. Webhooks allow you to provide other applications with real-time information. You will be able to receive a callback based on an Action that is attached to a message. For more information, see our PhishER Settings article.
February 2021	We've removed the character limit when you view a raw message in the Message Details. We've updated the Message Details section of your Inbox to allow for PhishRIP messages with similar subjects and senders to be grouped by AttackID when clicking the View Queries button. For more information on this new feature, see our PhishRIP article.
January 2021	We've added widgets to your Dashboard. You can add and remove different charts to see the information that is important to your organization and to customize your Dashboard. For more information on the new Dashboard features, see our PhishER Product Manual.

Release Date	Description
December 2020	Your PhishER platform now allows you to create Security Roles for the PhishER platform. This allows you to add users from your KnowBe4 Security Awareness platform and grant them Limited or Full access to different areas of PhishER including Rooms, Inbox, Rules, Actions, PhishRIP, and Settings. You also have the ability to create Tag Limitations for the various Security Roles that you create. For more information, please visit our PhishER Settings article.
October 2020	Your PhishER platform can now be integrated with KnowBe4 Security Awareness Console. You can now send PhishER Events and Actions to the user timeline and create Smart Groups based on the information that you gather from your users through this integration. For more information, please visit our PhishER Settings article. Your VirusTotal integration with your PhishER platform now allows you to include domains that you would like to ignore when completing a VirusTotal scan. For more information, please visit our PhishER Settings article. The Reports section of your PhishER platform now offers a new bar graph that shows the most common Attachments, Reporters, Senders, Domains and URLs, and Tags. The Rooms section of your PhishER platform now offers the ability to go to a filtered Inbox, Dashboard, or Report based on your Saved Queries or the System Generated filters. Your PhishER platform now allows you to connect the PhishRIP feature with your Google Workspace instance. For more information, please visit our PhishER Settings article.
September 2020	When you sign out of your PhishER platform, you will also be signed out of your KnowBe4 console.
August 2020	Your PhishER platform now allows for to pick which columns you would like to see included on the Reports page. For more information on this new feature, visit our PhishER Product Manual. Your PhishER platform now includes a new Search bar. You can use the Search bar to find a dashboard or executive report for a specific search or campaign. For more information on the new Dashboard features, visit our PhishER Product Manual. Your PhishER platform Dashboard now gives you the ability to click on any of the following fields and taken to an automatically filtered inbox: Reported Messages, Automatically Resolved, Manually Resolved, Unresolved, Category, and Priorities. For more information on the new Dashboard features, visit our PhishER Product Manual. Your PhishER platform now allows for empty searches to be performed in Rooms as long as there is a particular field specified for the empty search.
July 2020	A count for the number of Attachments and Domains and URLs that exist in the message was added to the Preview tab of the Message Details screen. Your PhishER platform now includes the ability to customize the Body field in the Find Similar Messages window. You can create a new PhishRIP query by selecting the Body and modifying the text field. For more information on Customized Criteria, visit our PhishRIP documentation.
June 2020	Your PhishER platform now includes Customized Criteria. You can create a new PhishRIP query by selecting one of the following fields and modifying the text: Subject, Sender, Recipient, and Attachment. For more information on Customized Criteria, visit our PhishRIP documentation. The Actions section of your PhishER platform now offers the option of including Find Similar Messages in your Action. If the Find Similar Messages option is enabled, you can select the criteria that you would like the Action to create a new PhishRIP Query for when the Action is triggered. For more information on how to use the Find Similar Message section when creating an Action, visit our How Do I Create a Rule and Action in PhishER documentation. The Actions and Discussion sidebar of the Message Details page now include information on the number of PhishRIP queries that were initiated and the date of the last query that was initiated by the selected message. To learn more about the new information included under the PhishRIP section of the Actions and Discussion sidebar, visit our PhishER Product Manual.
April 2020	Your PhishER platform now includes PhishRIP, an email quarantine feature that allows your organization to search for user-reported emails across all of the mailboxes tied to your Microsoft 365 instance. Using PhishRIP, you can prevent active phishing attacks by removing potential email threats from the inbox of your users. Visit here to learn how to enable PhishRIP in your PhishER platform.

Release Date	Description
August 2019	Your PhishER platform now includes PhishML, a machine-learning module that analyzes all messages forwarded to your PhishER inbox. Visit here to learn how PhishML provides you with information that can make your prioritization process easier, faster, and more accurate. A Tags report was added to the Reports section of PhishER. Check out this report to view a list of your most common tags. Two columns were added to the PhishER inbox: Current Disposition Date and First Disposition Date. The PhishER Email Template Editor now includes a Source code option for HTML customization.
June 2019	Modify your Dashboard view to display a custom date range of data using the PhishER date picker. Visit here for more information. New placeholders were added to the Email Template Editor. Check out our Email Template Placeholders table for all of the details. The option to enable VirusTotal Automatic Scanning is now available. Click here to learn more about your automatic scanning settings. If you select messages in your PhishER inbox, a Run drop-down will now appear. This drop-down presents two sections: Replay and Actions. If you want to run all rules or all rules and actions against selected messages, choose an option from the Replay section. If you want to run an action against selected messages, choose an action from the Actions section. Visit here for more information about this recursive drop-down! A Download CSV option was added to the PhishER Inbox and Reports page. An Email section was added to the Run drop-down in your PhishER inbox. When a message is selected, this new section allows you the option to send a custom email. For more information about this feature, visit here.
April 2019	When creating an action, you can now choose the Delete matching messages option. If this option is selected, all matching messages will be permanently deleted from your PhishER inbox when the action is triggered or run. Preview how a YARArule would affect messages in your PhishER inbox by using the Preview Rule option. Visit here for more information about this feature. If your PhishER platform is integrated with VirusTotal, you can now run a VirusTotal scan on attachments and URLs from the Message Details screen.
March 2019	An Email Templates section was added to the PhishER Settings page. This setting allows you to attach custom email templates to your PhishER actions. Track the history of a message from the Message Details section of your PhishER Inbox. Message history will list all of the events that changed or modified a message. A QuickActions bar was added to the PhishER Inbox. Add your most frequently used actions to the QuickActions bar for quick accessibility. You can now manage admin and user access to PhishER by enabling or disabling PhishER under an individual's User Profile settings in the KnowBe4 console.
February 2019	A Data Retention section was added to the PhishER Settings page for custom configuration. Bulk tagging can be done from the PhishER Inbox. This means that multiple tags can be added to multiple selected messages at the same time. All tags, attachment names, and email addresses are clickable filters. Clicking on one of these items will display a filtered view of your PhishER inbox.

Release Date	Description
December 2018	Bookmark this page to learn about PhishER updates.

Change Logs and Release Notes

Categories

Categories

Recent activity

<%= article.title %>

Change Logs and Release Notes

Share

PhishER Change Log

Categories

Categories

Recent activity

<%= article.title %>