Who is using the KnowBe4 Phish Alert button?

(Dan) #1

How many are using this and how is it going? We deployed it when we signed up with KnowBe4 and so far it appears to be utilized and a better solution for the end user. We have it configured to forward to our ticketing system.

One question I had, does anyone know how the button identifies the phishing emails that are sent out in the campaign? Is it just by domain or something else? I’ve had several users submit emails that were sent out for training and one of them said they got a “Congratulations” pop up when they submitted one of the training emails, instead of the regular “Thanks for submitting”. This is obviously not a good thing. I don’t want them to be congratulated for submitting a legitimate training email from KnowBe4.

Now I’m willing to agree that the user is confused about what it said, but it would help to know under what criteria the “Congratulations” is displayed or if it’s even possible for that to show by submitting a KnowBe4 training email.


We have deployed this out to just our technical department - so far we have users that are trigger happy and send us all kinds of ‘spam/junk’ versus legitimate phishing emails. We are responding back as necessary, so I see this getting better as education develops.


We use it heavily. We send the messages to a sandboxed lab, so we can do analysis on documents, or anything else suspicious. We also have users send links to dropbox and other file sharing sites, so we can get a look at them before we release the materials to the employee. A very effective system.

(Sarah Cuny) #4

We’ve been using the Phish Alert button for over a year. It’s been an excellent training tool. There are users who mark advertisements that they forgot they signed up for, so we take the time to explain the difference between a phishing email and just spam. But I’m happy they are more suspicious of email overall.

We’ve consistently seen the Congratulations! message when the Phish Alert button is clicked for the test phishing campaigns we send out through KnowBe4. I’ve never seen it for a non-KnowBe4 email.

(Ray) #5

We have been using it for about 6 months or so. It seems some users remember it and use it while others don’t. I respond to each one pointing out how they can tell, and how I can tell it’s a phishing email. A few legit emails come through every once in a while, but that beats the alternative!

(BJ Beier) #6

We’ve been using it since it was in beta testing and love it. I will agree with @shad0w and @SarahC that we get junk/spam/newsletters, but I’d rather receive all of that than getting infected with ransomware. We have the emails going to our ticketing system for tracking and we do respond to all the emails. I can see @o_o’s side about letting the users know if it was a test. You can customize your messages by going to your KnowBe4 dashboard and clicking your email in the top right and choosing “Account”. Scroll down and find the Phish Alert section.

(Will Jeansonne) #7

Great question, Dan! Thanks for posting!!


Same here. This is now going hand in hand with additional training as to what the difference is between spam and phishing. We would have thought that after various campaigns and informational articles this would have been clear to everyone by now but we quickly realised it wasn’t the case.

(Chuck Kissel) #9

We deployed to the IT staff and decided not to deploy to the users for the one fact that if the email is malicious it leaves the email in the user’s inbox. We have trained our users to send suspicious emails to an isolated mailbox and then delete the email from their inbox and deleted items. When the item is inspected by an IT staffer and is legit we forward the email back to the user.
Basically an option that will permanently delete the item after it was deemed suspicious would be awesome.

(Markus) #10

We deployed this feature site wide after our initial KnowBe4 training. We set it up to forward the emails to our security team for screening.

Not only does it add a safeguard for the emails that users aren’t sure of, but it also gives the team a first hand look of what kind of messages are getting through the filter that would have otherwise been deleted without regard by said users.

(Josh Sanderson) #11

Has anyone had any issues with reliability in Outlook? Some plugins have been a nightmare for us in the past. The Phish Alert plugin seems safe on my workstation but I’m a little concerned to deploy it company-wide.

(Greg Vasquez) #12

We have been using it for about 2 months or so. I think it has been great for people as they know exactly what to do if they get a suspected phishing email now. No ambiguity or no mailbox to remember, they just hit the button.

Also, we have been using it with Office 2016 and inside o365, seen no issues with it so far.

(Mel Green) #13

I have been hesitant to push this out to people - both because of what @Josh_Sanderson said (Outlook plugin woes!) and also for fear of doing too much at once. We’ve only been with the program a few months. And we’re not standardized so we’re running 2010, 2013 and 2016 :frowning:

Anyone else had any issues with Outlook and the plugin?

(Chad Kennedy) #14

We are using the Phish Alert add-in. I have been having issues with the plugin disappearing from Outlook. Only solution I have found is to re-install the add-in. We are running Windows 7 Pro and Outlook 2016.

(Dale Gardner) #15

We have been using it for several months. We are a Windows 7, Outlook 2007, Exchange 2010 shop with almost 300 users in 6 states. I can recall about 2 instances of the plugin not working and it was a simple uninstall/reinstall. We have several submissions a day and at first it was indeed a training exercise in what was spam and what was phishing. As we have 2 IT guys we don’t always get to look at every one we receive, so we have our users follow up with an email if they want something checked. Currently we “check” by opening the email with an iPad, taking screen shots, then mailing the screen shot from the iPad to the user. We’ve considered forwarding the emails to an account (checkme@gmail.com), then using a Thin Station in the DMZ to open and print. Obviously this would require a user to do this, but if the station was infected, it is in the workgroup domain so it cannot see anything “inside”, and as it is a dumb tube, just turn it off and back on to boot from a CD to “clean” the system. I’ve also worked with our managers on the premise of “it is not if, but when” ransomware makes it through. They were surprisingly amiable to the conversation and we worked through what it would take to recover from the previous day’s backup (please make sure you have secure backups!!!).

(Adam Hassall) #16

We’ve been using it for about 2 months and it does delete the email from the user’s mailbox. Are you using an older version perhaps?

(Kirk) #17

Just joined and sent out a baseline test. We just began using it but are getting errors from the Add-in. Working with KB4 to get it fixed.

(Paul Martin) #19

We use Gmail, so we’re eagerly awaiting the Gmail Phish Alert button coming out of beta. But as soon as it is, and we complete initial user training (we just completed our first “baseline” phishing campaign) we plan to roll it out as soon as we can.

(Brett Torgrimson) #20

I installed it on my Outlook and cannot wait until I get a Phishing email to test it. I have even been looking through our Office365 quarantine for email that I can release to try it out. I guess my lack of phishing email is a good thing…right?


We tested it in house, but as it is not a multilingual solution we will not be implementing it.