Phish Alert Button

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4’s Phish Alert button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

Phish Alert Benefits

checkmark Reinforces your organization’s security culture

checkmark Users can report suspicious emails with just one click

checkmark Incident Response gets early phishing alerts from users, creating a network of “sensors”

checkmark Email is deleted from the user's inbox to prevent future exposure

checkmark Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

checkmark Supports: Outlook 2007, 2010, 2013, 2016 & Outlook for Office 365, Exchange 2013 & 2016, Chrome 54 and later (Linux, OS X and Windows)


Download KnowBe4's free Phish Alert Buttons for Outlook and Gmail here:


How Do I Change the Phish Alert Text in Office 365?

If you're using Office 365's Phish Alert Button (PAB) and you'd like to change the Phish Alert text to something else, you are able to.

Standard Phish Alert Text


How do I change the text? To do so, prior to installing the PAB into Office 365, download the Office 365 .xml manifest from your Account Settings in your console, open it in a text editor, and edit the following line of text:

Phish Alert" />

The text shown in red is where you may enter a replacement for the text which says "Phish Alert" by default.

Then save the file, and install the Phish Alert Button as you normally would. 

If you've already installed the PAB, you can follow the same steps as above. Simply remove your existing PAB add-in from Office 365, and then add the new .xml file you've edited as an Office 365 add-in. Your users will then see the PAB with the new wording that you've edited.


Having trouble locating your account settings? To locate your account settings, click your email address on the top right of the console, and click Account Settings.  The .xml manifest is located under the Phish Alert Button header in your account settings. 

Where is the Phish Alert Button in Office 365?

If the Phish Alert Button has been installed in Office 365 for your organization, you will see text which says "Phish Alert" within any opened email, as shown below. You can click on that text to report the email as a possible phishing email.

Phish Alert on Office 365


How Do I Use The Phish Alert Button?

Your company may have recently installed the Phish Alert Button (PAB) in Outlook. How does this work, and how can you use it to help keep your organization safe?

When do I use it?

Click the PAB anytime you believe you have received a phishing email, or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded to a designated contact within your organization for analysis.

How do I use it? 

You'll see the Phish Alert add-in at the top of your Outlook client. To report an email as a phishing email, simply click the button while you're looking at the email. The email you reported will be forwarded to an email address designated by your organization and then will be deleted from your inbox. If you report an email in error, you can retrieve the email from your Trash/Deleted Items.

Phish Alert on Outlook

Why should I use it?

Reporting emails will help your organization stay safer. Because the emails you report are sent for analysis to your organization, your company will now be aware of which phishing attacks are able to reach their employee inboxes. Once they're aware of possible vulnerabilities, they can better defend against them. You are an important part of the process of keeping your organization safe from cyber criminals. Stop, Look, and Think!

How Do I Enable Phish Alert Button's Debug Mode?

How to Enable PAB's Debug Mode

  1. Browse to the following folder:
    • C:\Program Files\KnowBe4\Phish Alert (default location on 32-bit platforms)
    • C:\Program Files (x86)\KnowBe4\Phish Alert (default location on 64-bit platforms)
  2. Give yourself Full Control permissions for the following file: app.config
  3. Open app.config in Notepad, change Debug field to True (the default setting is False), and then Save the file.



  1. Open Outlook as an Administrator (Run as administrator).
  2. Refresh or re-open the Phish Alert directory from Step 1. You should see a file named PhishAlert.log in the Phish Alert folder.
  3. You can send the log file to our support team (support 'at' for assistance with troubleshooting PAB-related issues.