Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

Adding User Comments and Email Disposition to the Phish Alert Button

Updated:

Created:

PAB User Comments and Email Disposition Guide

The User Comments and Email Disposition feature for the Phish Alert Button (PAB) allows your users to add comments and decide the disposition of an email when they use the PAB. This new feature can provide your IT security team with the reported email’s disposition as an early warning of possible phishing attacks or malicious emails. Then, your IT security team can then take effective action to prevent security or network compromise.

Note: The User Comments and Email Disposition feature is available for the Hybrid Phish Alert Button, Microsoft 365 (Outlook 2016 or above, Outlook Web Access), Microsoft Exchange (2013 or above), and for the Gmail Phish Alert Button (PAB) Add-on. This feature supports localized text entries.

Click the links below to learn how to enable this feature, how this feature works, and how your users can use this feature in their inboxes.

Jump to:
Enabling User Comments and Email Disposition

Email Disposition

User Comments

PhishER Integration

User Experience

 

Enabling User Comments and Email Disposition

To allow your users to send comments and decide the email’s disposition, follow the steps below:

  1. Log in to your KnowBe4 console and navigate to your Account Settings screen. This screen will look different depending on your account version. For more information, see the Enable and Configure section of our Phish Alert Button (PAB) Product Manual.
  2. Navigate to Account Integrations > Phish Alert.
  3. Select the Enable Phish Alert check box.
  4. If a Phish Alert instance does not exist, click the green Add Phish Alert Instance button.
  5. Select the Allow users to leave comments and disposition check box.

Back to top

 

Email Disposition

When your users click the PAB to report an email, the sidebar will include options to suggest the disposition of the email. The possible dispositions are Phish/Suspicious, Spam/Junk, and Unknown. For more information about each of these dispositions, see the list below:

  • Phish/Suspicious: These emails are sent by cybercriminals to entice you to click on a link or to give up personal or sensitive information.
  • Spam/Junk: These emails are typically sent from companies trying to sell your users a product or service.
  • Unknown: Your users can select this option if they are unsure whether an email is a phish or spam. This is the default setting.

You can set different email addresses as recipients based on the disposition that your users select. For example, you can specify one email address to receive spam emails and another email address to receive emails that your users suspect are malicious. To set a recipient, enter email addresses in the fields under Send Dispositioned Email to: (click to view).

Users are not required to suggest a disposition when using the Phish Alert Button. For more information on the difference between phishing and spam emails, see our How to Use the Phish Alert Button (PAB) Downloadable PDF.

Back to top

 

User Comments

Your users can use the Add a comment section to tell your security team why they choose to classify the email as Phish/Suspicious, Spam/Junk, or Unknown. This text box can be used to explain any potential red flags that your users noticed in the email. These comments can help your security team get a better understanding of what indicators they should look out for when reviewing the reported emails. Users are not required to add a comment when using the Phish Alert Button.

When your users submit user comments, you can either view the comments in PhishER or in the PAB notification emails. In the PAB notification emails, the user comments will be attached as a .json file and displayed in the User Comments section.User Comment Notification Email

Note: PAB notification emails will be forwarded to the email addresses that are specified in the Send Non-Simulated Emails to: setting in your Account Settings. For more information about configuring PAB in your Account Settings, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.

For information about viewing user comments in PhishER, see the PhishER Integration section below.

Back to top

 

PhishER Integration

You can also view your users' suggested dispositions and comments in your PhishER platform. Using PhishER, you can further categorize suspicious emails and determine if these emails are legitimate.

In PhishER, the Phish/Suspicious and Spam/Junk dispositions will appear as tags on individual emails. You can use these tags to separate your users' suggested dispositions from other tags in PhishER. The word User: will appear in front of the Phish/Suspicious and Spam/Junk tags. No tag will appear for an email that is reported as Unknown.

You can view all user comments in the Discussions tab on the right side of the Message Details page. Each user comment will appear in the corresponding email, along with the user's name.Viewing User Comments in PhishER

Back to top

 

User Experience

The User Comments and Email Disposition feature is compatible with the Hybrid PAB, Microsoft 365 (Outlook 2016 or above, Outlook Web Access), Microsoft Exchange (2013 or above), and with the Gmail PAB Add-on. When a user clicks on the Phish Alert Button to report an email, the Phish Alert sidebar will appear. Once your users select the email's disposition and add comments, they will click on the Phish Alert button to report the email.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles