Who is using the KnowBe4 Phish Alert button?

Just seeing your post now but I can give you some answers to your questions.

The messages are identified by the existence of certain headers in the message, no headers and the button knows that it wasn’t sent by our system. It goes one step further and validates that the unique string in the header is known on our side as well.

The training reminders shouldn’t be triggering the congratulations so that’s something that will have to get looked into, I’ll make sure the right people look into this.

1 Like

Thanks for the response @Greg_Kras.

On a somewhat related note… After we rolled out the Phish Alert button to a group of about 100 technical people, some of them started clicking the Phish Alert button to report spam. We currently only have these coming to an internal group, but I’m wondering: If we have these automatically sent to KnowBe4, will anything bad happen when people report spam (or just unwanted messages that might not be spam at all)?


That’s a very valid question. I think the best answer is to give you a quick explanation of how the reported messages are addressed. The first process essentially a sorting of submissions in 3 different categories; spam, phish, unknown.

The spam messages are skimmed off first because we do get a lot of those, thankfully the analyst group has been dealing with spam for decades and has methods and tools to speed up the process.

The phish emails can be recognized because we’ll see campaigns going out to a multitude of customers and patterns can be gleaned fairly quickly.

The unknown are the ones where the time is spent. These are a mix of legit emails that were erroneously flagged (people really do say “Here is the attached invoice”, attach a file, and nothing more), new phishing campaigns, and some really interesting spear fishing attempts. This bucket takes the most processing time because sometimes it’s really obfuscated as to what is actually going on. Legit emails get discarded once identified and the phish emails get tagged and tracked.

So, quick answer is that it would be nice to not get spam reported but it’s certainly something we anticipate and have workflow to address.

Thanks. That’s useful information. I hadn’t considered that the non-spam emails would create the most work for your team, but it does make sense.

Part of me wants to bring this information back to my user base, but on the other hand I don’t want to discourage anyone from reporting suspect emails. I suppose I’ll have to find a balance.

We are trying to implement the Phish Alert button now in preparation for starting our phishing simulation campaigns. It’s not going well though. It only seems to work when the client machine is off the corporate network and connected to a non-corporate WiFi. Has anyone else had this issue?

Hi Caroline,

You’ll want to ensure that you can reach https://training.knowbe4.com/api/v1/phishalert/ (allow outbound connections to remote servers on port 443, that is the server URL the Phish Alert Button is trying to contact with a POST request).

You can try making that change and you should be good to go, but please let me know if you’re still having trouble. I’m happy to help!

We have been using KnowBe4 for about a year and are just considering the Phish Alert button (Lotus Notes email). The concern raised is about how much time it will take to review all that is reported/over reported - as people have said, they get legitimate emails and spam along with phishing messages. We have approximately 200 employees. Any one have an estimate of how much time is spent reviewing all that is reported?

We are using it, we have the PhishAlert button forward the email to our helpdesk which is set to automatically reply with a Thank you! and then the ticket is archived for us. Once a week we look through these emails. We have a couple trigger happy users.

1 Like

We’ve deployed it organization-wide (~70 users) and we’ve had some success with it. We get a lot of junk and spam messages that aren’t phishing, but it seems that users are more comfortable reporting anything suspicious, instead of letting their curiosity get the better of them.

Since we automatically and randomly test, I’ve found that adding the button increases the likelihood that users will either ignore or report phishing emails - it seems to give them some peace of mind knowing that if it’s not phishing they will get the email sent back to them - even if it’s a few days later.

1 Like

We have been using the Phish Alert button for a few months, and we are happy with it. While we do get quite a few people submitting SPAM or even just regular marketing emails, that has dropped off recently. Also, as some others have said, we’d rather that they report SPAM as phishing than being trusting and inadvertently clicking on a malicious link.

One problem we have had is that people will report our own legitimate internal emails as phishing attempts. Like when we send out a required training assignment, and they report it as phishing.

1 Like

We have about 1500 users with this enabled. Clients are Windows 10 Enterprise with Office 2016. The alerts go to the offshore team and they have a standard operating procedure they follow to determine the validity. We’re receiving about 300+ alerts from users each month. Well received by the user community and would encourage deploying.


I feel like I may be in the minority here, but I don’t have any heartburn with folks using the Phish Alert button for Spam. We can certainly tell the difference here and ignore the spam, but if a user is on the fence, or can’t tell the difference, I don’t see any harm in erring on the side of caution.
We all also know that Unsubscribe buttons can be trouble, whether they are on a Spam or Phishing mail.

Yeah, I shook my head at first, but then thought “why be bothered, what’s the downside?”

1 Like

Hi Dave,

We’ve released Multi-PAB, which will allow admins to create multiple PAB instances on their KnowBe4 account. Admins can then customize the button / message text for each one of the PAB instances in their KnowBe4 account settings. Through this method, you could specify different languages for the different PAB instances.

This helpdesk article goes into this feature in more detail: https://support.knowbe4.com/hc/en-us/articles/115012103388

Feel free to reach out to us at support@knowbe4.com if you have any questions, take care.

Has anyone had an issue with Outlook closing the PhishAlert button because it says it slows down Outlook opening? I know it has happened to a few of our users and normalyl requires some manual intervention to get it back up

I deployed the PAB to my executive leadership team since they are the most obvious and frequent targets. They liked it so much they asked me to deploy it to the entire company. So far, it’s worked out well. End users get a nice pat on the back when they use it during a phishing campaign it helps me to block more and more senders.
I have only ever had one problem. I have one user that the PAB will not remain enabled. I have reinstalled office, reinstalled the PAB. Nothing I have done thus far allows me to enable it for this one user. Otherwise, I like it.

Office 365 lets you do that in the OWA, BTW…

I am using the PAB for my MS Windows machines but would love to use it for my MAC environment.

We use the PAB as well. Curious why you don’t like the idea of the users being congratulated for successfully identifying a phishing email. This particular message appears when a training email is submitted. I think it is good for the user to feel they did the right thing; a little pat on the back for keeping the organization more secure. If you really don’t want it to show up you can remove it or change it to whatever you desire under your account settings.

Related question - has anyone built a leaner version of the button;

Rather than it connecting to knowbe4 for ‘button text’ retrieval etc. which on occasion has been slow - it would be good if it only did so for actual mail operations?

Hoping some kind soul had already re-cut the MSI?


Woah I didn’t even know this was a thing! Thanks for sharing! I have been using this website to check numbers for phishing scams but any other tools you can advise of would be great help! Thanks, Sammy

1 Like

Featured Webinars

Advanced Phishing and

Monday 1:30 PM – 2:30 PM
» Learn More
Outlook Phish Alert Button
Tuesday 1:30 PM – 2:30 PM
» Learn More
Customizing Phishing Templates, Landing Pages, & Training Notifications
Wednesday 1:30 PM – 2:30 PM
» Learn More
Active Directory Integration
(ADI) Setup

Thursday 1:30 PM – 2:30 PM
» Learn More

Friday 1:30 PM – 2:30 PM
» Learn More

Privacy Policy | Terms of Service