How Can I Identify a Phishing Security Test (PST)?

There may be a scenario where you or your IT team will need to determine if a phishing email is a simulated test from KnowBe4 or a real phishing attack. This guide will show you how to identify a simulated phishing email. For more information about phishing security tests, see our Phishing Campaign Overview article.

Finding Email Headers

To determine if a phishing email was sent from KnowBe4, you can look at the email header. By default, all of our simulated phishing test emails contain “X-PHISHTEST” in the header. However, your KnowBe4 admin has the option to create a custom header from the Account Settings page to use instead of the default header.

To find the email header for an email, you will need to follow the instructions for your specific mail client. Make sure you analyze the email header from the same mail client that the email was originally received in. 

MXToolbox and Applied Innovations have compiled a database of instructions for how to obtain email headers from different mail clients. Use one of the links below to learn about how to view the email headers for your specific mail client.

• MXToolbox: How to Get Email Headers
  • MXToolbox also offers an Email Header Analyzerthat scans your headers and makes them readable rather than a jumble of letters and numbers.
• Applied Innovations: How to View Email Headers

If you need assistance with whitelisting, submit a support ticket and our support team will be happy to help.

Back to top