What You Need to Know About the New Phish Button

written by craig beam posted on October 25, 2021

What You Need to Know About the New Phish Button

Phishing attacks are undeniably one of the most prevalent and dangerous types of cybercrime that organizations worldwide are currently grappling with. Recent studies show 75% of organizations worldwide had a phishing attack in 2020, with 74% of attacks targeting US businesses succeeding. Experts reveal despite revived efforts to raise employee awareness through training, phishing remains the threat type to most likely cause a data breach in 2021 and beyond.

Fortunately, your employees can now leverage the new phish alert button (PAB) to quickly delete and report suspicious emails to the relevant security department in your organization for further analysis and remedial action.

What Is the New Phish Button?

The Phish Alert Button (PAB) is an add-in for Microsoft Outlook, Exchange, Microsoft 365, and Google Workspace that allows users to report suspicious emails. The PAB is designed to enable your employees to be at the forefront in managing phishing attacks and other malicious emails targeting your organization. Phish Alert Button provides your IT security team with immediate warnings of possible phishing attacks, so they can be proactive at resolving vulnerabilities that could lead to system and network compromise.

Benefits of the PAB

If your mail environment supports the PAB, you can leverage this tool to protect your organization from cyberattacks. The following are some ways the PAB can benefit your organization:

  • Fast and effective reporting: Your employees can use this tool to report potential phishing emails or simulated phishing threats quickly. It offers an easy option for your users to report suspicious emails without having to send the entire email manually to your IT security team, managers, or help desks.
  • Customization: The PAB solution can be customized to suit your organization’s specific needs. For example, you can set up a separate email address for non-simulated phishing attacks. You can also customize the instant messaging that the users receive whenever they click the PAB to report an email.
  • Enables better decisions: Your users are an integral part of keeping your organization safe from cybercriminals. When your employees use the PAB to report an email, your security team better understands the kinds of phishing emails that your users receive in their inboxes. They also gain valuable insights into your system vulnerabilities to defend them more effectively. You can use this information to develop an in-depth security strategy to protect your environment.

When Do I Use the PAB Tool?

You should train your employees to click the PAB icon every time they receive a phishing email or any other potentially malicious email. As mentioned earlier, the emails you report will be deleted from inboxes and forwarded to a designated contact within your organization for analysis. Keep in mind the PAB is designed to be used ONLY for emails with malicious intent. It should not, therefore, be used to report marketing or spam emails.

How Do I Use the PAB Tool?

How you leverage the PAB to report a suspicious email varies depending on your device and email client. However, no matter your device, the reported email is handled in the same way. The email your report will be forwarded to your IT security team, and Microsoft then erased from your inbox. In case you report an email in error, you can always retrieve it from your Trash/Deleted Items.

Here is a summary of how to use the PAB with different products and solutions:

Outlook on the web

The PAB icon appears in the drop-down menu of an open email. To report the email, click the PAB icon and a sidebar prompt asking to confirm your action will appear. To proceed, click the Phish Alert button to report the malicious email.

Outlook mobile app (Android)

Tap the three dots appearing at the top-right of your screen on any open email to report an email as a phishing email. A Phish Alert add-in will appear, and once you tap it, a prompt asking to confirm your actions will display. Tap the Mobile Phish Alert button to report the email. Once you successfully report the suspicious mail, a congratulatory message will display.

Outlook mobile app (iOS)

To report a suspicious email on any open email page, tap the three dots at the top right of the screen. A prompt asking you to confirm your actions will display. Tap the Phis Alert button to report the email. Once you successfully report the suspicious email, a congratulatory message will display.

How Do I Use the PAB in Gmail?

If your organization has recently installed the PAB in your Chrome browser, follow the steps outlined below to utilize the tool stay safe from phishing emails.

  • Step 1: After installing the PAB add-in, restart your Chrome. A prompt with a message to “Allow” the KnowBe4 PAB app will display. Click the “Allow” button on this message.
  • Step 2: An orange Phish Hook on Gmail will display. Use it to flag and report any email as a malicious phishing email.

Please note that to use the Google PAB extension to report a potential phishing email, you must be logged in to both Gmail and Google Chrome accounts.

How Do I Use the PAB for Microsoft 365?

After installing the PAB add-in, you will see the PAB icon in the drop-down menu of the email. Click the PAB icon to report a suspicious email as a phishing email. A sidebar prompt asking you to confirm your actions will display. Click the Phish Alert button to report the email. You will be notified if the phish was simulated or whether it was malicious in nature.

Get Help to Protect Your IT Environment

If you need help to maximize the benefits that the Phish Alert Button offers, don’t hesitate to contact MicroXpress Inc. MicroXpress Inc. is the go-to company for a range of responsive IT support and cost-effective solutions designed to help improve your efficiency, boost productivity and enhance the security of your organization.

We provide a range of IT security services, including vulnerability and configuration management, penetration testing, 24/7 monitoring and control, security engineering, audit and compliance. Contact us today for more information about our solutions.