Phishing is one of the biggest security concerns for any organization. All levels of K12 organizations are a potential target for scammers. KnowBe4, the company the Myrtle Point School District contracts to provide IT Security Awareness and phishing simulation training, also provides tools to help us protect our schools from real-world phishing attacks.
Beginning in March 2023, the IT team will implement KnowBe4's Phish Alert Button (PAB) in Outlook. This button allows users to report suspected phishing emails easily and safely. It will appear in all Outlook platforms: desktop apps, mobile apps, and Outlook Web Access (OWA).
When should I use the PAB?
Phishing is an attempt to get personal or account information for malicious purposes, such as financial or identity theft. The PAB should be used any time you get an email you suspect to be a phishing or scam attempt. User reports are the best way for the MPSD IT team to be alerted to potential attacks and help stop such scams.
The PAB should not be used to report spam (unwanted “junk” email) or emails you don’t want from services you use. These emails should be deleted.
Where will I find the PAB?
In the Outlook desktop app, the PAB can be found on the tool ribbon across the top of the window. (Note for Mac users: Currently, the PAB is not compatible with the latest version of Outlook for macOS. KnowBe4 has acknowledged this issue and is currently working on a solution.)
If you cannot see the button, click the three dots at the end of the ribbon. The PAB will appear on the drop-down list.
If you would like to move the PAB out of the drop-down list and onto the ribbon to be always visible, follow the instructions below.
Right-click (or Ctrl + click in macOS) the tool ribbon.
Rick-click the PAB
Click “Pin to Ribbon”
In Outlook mobile apps, both iOS and Android, you can find the PAB by opening a message and tapping the three dots on the upper right of your screen
In Outlook Web Access (OWA), the PAB will be at the top of open messages, to the right of the email header. You will likely see a notification the first time you log in after installation.
How do I use the PAB?
If you receive an email that you believe to be a phishing attempt, simply click the PAB using one of the methods described above. You will see a message asking you to confirm that you want to report the email as phishing. If you confirm, a copy of the email will be sent to the UofM email administrators and IT Security team. The original email will be moved to your Deleted Items folder.
I reported an email, but I need to see it again. Can I still see the email?
Yes. After you report an email using the PAB, the original message is moved to your Deleted Items folder. If you need to see an email you reported, select Deleted Items in your folders list and find the message. If you determine that the email is not a phishing attempt, you can move it back to your Inbox or the appropriate folder by either dragging it to the correct location on your folders list or right-clicking the message and selecting the desired folder in the “Move” menu.
I have a specific question about a suspected email. Can I include it when I report the email?
If you would like to request specific guidance about an email instead of simply reporting it as a phishing scam, please create an "Email" ticket in the Staff Help Desk, and include your question or request. For now, reports made using the PAB cannot include additional information or questions.
I don’t see the PAB in Outlook, or I have a question not answered here.
The PAB will be implemented February 6th, 2022. After that date, please refer to Where will I find the PAB? above. If you do not see the PAB in Outlook after February 6th, make sure you are using the latest version of Outlook and restart your device.
If you still cannot see the PAB or have another question, please submit a ticket through the Staff Help Desk or call us at extension 2207.
How Do I Use the Phish Alert Button (PAB) in Microsoft Outlook? (KnowBe4.com)
How Do I Use the Phish Alert Button for Microsoft 365? (KnowBe4.com)
KnowBe4 Security Docs: Using the Phish Alert Button – Outlook desktop (PDF) and Outlook 365 – Web Access (PDF)