My business uses it every day. I like the idea of staff knowing they get a spam, junk, or phishing e-mail, and report it. When I see phishing attachments, I like to investigate them with VirusTotal, Kaspersky online scanner, and Palo Alto.
We have deployed the Phish Alert button as well. So far none of my users have taken advantage of it - only other IT staff. I still think it is a great option and I will keep pushing people into using it.
Dan, not sure if this was already answered, but if you access your Account Settings (the same place you download the Phish Alert MSI), there are options to customize the messages for non-simulated, and a separate message for simulated reports. I’ve just set both messages to the same thank you so that users do not know the difference.
We also use Gmail so we are waiting on support for that. Once that is available we will be pushing it out to all staff.
None here. We deployed it out a couple months ago and use Outlook 2016 with no problems.
We have been using it since it was first released, and it’s been a great tool for our Security Training efforts!
I would very much like to use the product, but we can’t risk it. If our users accidentally click the button on legitimate email, they could be sending regulated data to a 3rd party that isn’t authorized to receive it.
I would love it if KB4 could develop an on-premise device that the email is forwarded to and downloads phishing test data to determine what emails sent to it are KB4 mail or not. This way the emails never leave the local network.
We just can’t risk highly regulated data being accidentally sent to KB4. Same thing with testing to see if users will enter IDs and passwords in phishing emails. I can’t risk this data going offsite… even with KB4’s affidavit that none of the data is retained.
We need an on-premise device to handle this safely.
@Josh_Sanderson We haven’t had any issues with the Phish Alert plugin. We’ve installed it on Windows 7 Pro, 8.1 Pro, 8.1 Enterprise, and 10 Enterprise. Our Office versions have been 2010 and 2016. But we’re on the small side, less than 50 machines.
Echoing several other comments, many users are using the PAB as a spam button; however, it has increased the amount of suspicious emails sent for investigation that otherwise would not have been sent. If nothing else, it establishes a new baseline of user reporting to further focus our education efforts.
We are not currently using it because our WatchGuard firewall already has a SPAM button plug-in for Outlook that we have used for years.
However, we have had a problem with KnowBe4 phishing test emails getting blocked somewhere in our system even though they are whitelisted. We are looking into that now.
By default the PAB actually doesn’t send any content outside of the organization, just to the people that you specify as the incident response team.
The button determines if the message is a simulation and if it is then the email is simply deleted and a record of the click is sent to KnowBe4’s servers. If the message is not a simulation then the email is packaged up as an .eml attachment and sent to the specified accounts. The message is then deleted from the user’s mailbox (still in deleted items).
The only way the message content can leave the network is if you check the “Send Us A Copy” button in the admin preferences; by default it is NOT checked for privacy reasons. We do love to get the phish emails but we err on the side of privacy for this feature.
How does the local client know if an email is part of a KB4 campaign without sending it to your server?
The email header is analyzed; there are characteristics the simulations have that are unique to those messages.
Sweet. I’ll look more into it for us. Thanks for the input.
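The flow described in the posts above (a local header check, then either a content-free report record or an .eml forward to the incident response team only), sketched as an added example that is not KnowBe4's code or part of the original thread. The header name `X-Example-Simulation-Id`, the function name and the sample messages are assumptions made for illustration; the thread does not name the real header characteristics.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical marker header: the thread does not say which header
# characteristics the real add-in inspects.
SIM_HEADER = "X-Example-Simulation-Id"

# Constructed sample messages (not real traffic).
SAMPLE_SIM = (b"From: it@example.test\r\nSubject: Password reset\r\n"
              b"X-Example-Simulation-Id: cmp-001\r\n\r\nClick here.\r\n")
SAMPLE_REAL = (b"From: billing@example.test\r\nSubject: Invoice overdue\r\n"
               b"\r\nSee attachment.\r\n")

def triage_report(raw: bytes, reporter: str, ir_team: list[str]):
    """Decide locally what leaves the mailbox for a user-reported message.

    Returns ("record_simulation", dict) or ("forward_to_ir", EmailMessage).
    """
    original = message_from_bytes(raw, policy=policy.default)

    marker = original.get(SIM_HEADER)
    if marker:
        # Simulation: only who reported and which campaign is recorded;
        # no subject, body or attachment is included in the record.
        return "record_simulation", {"reporter": reporter,
                                     "campaign": str(marker).strip()}

    # Real mail: wrap the original as a message/rfc822 (.eml) attachment so
    # its headers survive for analysis, addressed to the IR team only.
    fwd = EmailMessage()
    fwd["From"] = reporter
    fwd["To"] = ", ".join(ir_team)
    fwd["Subject"] = "[Reported] " + str(original["Subject"] or "(no subject)")
    fwd.set_content("User-reported message attached as .eml.")
    fwd.add_attachment(original, filename="reported.eml")
    return "forward_to_ir", fwd

if __name__ == "__main__":
    for sample in (SAMPLE_SIM, SAMPLE_REAL):
        action, _ = triage_report(sample, "user@corp.example",
                                  ["ir@corp.example"])
        print(action)
```

Attaching the original as an .eml, instead of an inline forward, keeps the Received and authentication headers intact for the investigators.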
How does one get this magic button?
Our entire organization has implemented the Phish Alert button in Outlook and our users are very good at using it and flagging obvious spam. When we send a test it also gives a congratulations which we are glad to see.
I’m trying to get my IT Security team to use it (I’m a Net Admin/data plumber).
First step was to forward juicy articles from the blog every so often. Next step, every so often inform them of the PAB.
Especially when it comes time to renew the contract with our current phish training vendor.
I love the concept, it gives users something active to DO about suspicious emails. Once your people feel like they can do something useful (instead of just deleting), they start paying a little more attention. Until then they’re just along for the ride.
We just finished running a few tests with it and are going to begin deploying it to our users. It has worked great in our tests.
OK, so I finally tracked how to get this button…installed it…and think it’s pretty cool. Gives users a sense of empowerment over emails. Makes them pay a little closer attention to emails and content.
I feel the same. Concerned with deploying company wide.