Microsoft Outlook’s New Phish Button
There has been a notable rise in sophisticated phishing emails schemes by cybercriminals in recent times, with the FBI estimating that phishing incidents doubled from 114,702 in 2019 to 241,324 incidents in 2020. To curb these cases, Microsoft has now introduced a new “Phish Alert” button feature in Windows products to help users immediately report phishing emails to relevant Information Security. Once you click on the “Phish Alert” button on any open email page, the phishing email will be automatically deleted from your inbox and forwarded for further analysis.
How Does a Phishing Email Work?
Phishing is a type of cyber-attack that uses masked emails to infiltrate systems. These emails aim to trick the recipient into believing they are receiving valuable communication from legitimate organizations. Cybercriminals use phishing attacks to steal valuable data like login information and credit card details or introduce malware on the victim’s machine.
What Is the Phish Alert Button (PAB)?
The Phish Alert Button (PAB) is an add-in feature for Microsoft Outlook, Exchange, Microsoft 365, and Google Workspace that allows users to report suspicious emails. The PAB allows your staff to take an active role in mitigating email phishing attacks and other types of malicious emails.
When Do I Use the PAB?
Click the PAB after receiving what you suspect to be a phishing email or any other malicious email. This action automatically reports and forwards the email to a designated contact within your organization for further investigation. Notably, PAB should be used purposely to report malicious emails and not spam or marketing emails. Spam and marketing emails can be deleted individually or added to a block list. If you report a valid email in error, you can retrieve it from your deleted items/ trash folder.
How Do I Use the PAB?
How you use the PAB may vary depending on your device and email client. Generally, the following are the steps to use PAB with a range of Windows products:
Once the PAB add-in has been installed, a PAB icon automatically appears in your drop-down menu when you open your email. To report a suspicious email as a phishing mail, follow the steps outlined below
- Step 1: Click the PAB icon
- Step 2: Next, a sidebar prompt will request you to confirm if you want to report the email as a malicious phishing email. Click the Phish Alert button to report the email
- Step 3: Once you click the Phish Alert button, you will be notified whether the phish was indeed malicious or a simulation.
Outlook Mobile App (Android)
To report a suspicious email as a phishing mail in Outlook Mobile App, follow the steps outlined below:
- Step 1: Tap the three dots at the top right of the screen that appears on any open email
- Step 2: A prompt asking you if you are sure you want to report the email as a phishing email will appear. If you are sure, report the mail by clicking the Mobile Phish Alert button.
- Step 3: Once you have reported the email, a congratulatory message will display on your screen. Close it by clicking OK.
Outlook Mobile App (iOS)
To report an email as a phishing email in Outlook Mobile App (iOS), follow the steps outlined below:
- Step 1: Tap the three dots at the top of the screen on any open email
- Step 2: A Phish Alert add-in will appear. Tap the Phish Alert add-in button
- Step 3: A prompt asking you to confirm if you want to report the email as a phishing email will appear. Tap the Phish Alert button to report the email.
- Step 4: Once you have successfully reported the email, a congratulatory message will display; close it by clicking OK.
How Do I Use PAB on My Gmail?
Once the PAB add-in is installed, you will be prompted with a message that says “Allow” the KnowBe4 PAB app” when you restart your Chrome.
After clicking the “Allow” button on the message, you will then see the PAB as an orange Phish Hook within Gmail. Leverage the Phish Hook to report any email as a phishing email. Ideally, it is also possible to report multiple emails using the PAB Phish Hook.
Why the PAB Button Is Important
The PAB button offers an easy solution to quickly and effectively report suspicious emails to improve your organization’s safety. Ideally, the potential phishing emails that you report are send for analysis meaning your organization will have better insights regarding the phishing attacks send to their employee inboxes. This will help them address any vulnerability and formulate strategies to defend their Windows environments against phishing attacks and other forms of cyberthreats.
How to Maximize PAB in Your Organization
The following are a few tips to maximize your PAB feature:
- Train users: To successfully leverage the PAB tool, experts recommend enrolling all your employees in a PAB training campaign. Proper training enables learners to know when and how to use the PAB. Ideal training modules cover basic use, how to report suspicious emails, how to report unsolicited emails, and more. Most of these trainings are available at all subscription levels and can be customized to suit your needs.
- Test the PAB: You can create a PAB test campaign to test your PAB and ensure it works. A PAB test campaign allows you to monitor the campaign results to see if the PAB works for your employees. Leverage a custom template to create a phishing campaign and use it within your organization to test your PAB. If you would like help setting up your PAB test campaign or training your employees, you can contact Mathe Inc. today.
Get Professional Help to Maximize Your PAB
Mathe Inc. provides cloud desktop and cloud infrastructure services to organizations such as accounting firms, healthcare, and other organizations leveraging a secure cloud environment throughout the United States. We specialize in secure cloud desktop solutions designed to protect, detect and respond against phishing and other forms of cyberthreats. If you have any questions or need help to maximize your PAB, contact us today.
With over 35 years in the business of supporting and implementing technology for the SME market, and 6 years previously in Corporate IT and Voice. I have seen a great deal of change. The only common thread is I have always focused on the Business Wise application of Technology. We always try to look 5 years ahead of the current technology to make sure our clients are on the right track to meet current and future needs.