Phish Alert Button - KnowBe4

What is the Phish Alert Button?

In order to better protect the campus community from malicious e-mails, Chico State has deployed the Phish Alert Button, or PAB for short, by KnowBe4. KnowBe4's Phish Alert button gives campus email users a safe and efficient way to forward email threats to the security team for analysis and will automatically delete the phishing message from the user's inbox to prevent future exposure. For more information about phishing and some of the phishing techniques that threat actors use, see 'What is Phishing?' at the bottom of this article.

The Phish Alert button will appear in the Microsoft Outlook desktop and Microsoft Outlook mobile clients as highlighted below:

Location of Phish Alert button in Microsoft 365 Online Email Client

Location of Phish Alert button in Microsoft Outlook Desktop Client

Location of Phish Alert button on Microsoft Outlook Email Client for Android

Location of Phish Alert button on Microsoft Outlook Email Client for Apple iOS

If you are unable to see the Phish Alert button in your Outlook client, please see Adding the Phish Alert App to Outlook to add the app to your account.

When should you use the Phish Alert button?

You should only report messages you suspect are malicious, like phishing, spear phishing, or whaling emails. Reporting annoying messages, like spam, isn't as efficient.

  • Spam is unsolicited and unwanted email, typically sent to try to sell you something. While it is often annoying and misleading, it is rarely malicious. Simply delete it!
  • Phishing messages are bulk emails, typically appearing to be from a reputable source, that ask you to take a specific action that can cause damage to you or your organization. These messages are malicious. Report them with the PAB!
  • Spear phishing emails are targeted attacks on a person or organization, occurring after detailed research in order to make them seem especially real. These messages are extremely malicious and can lead to very damaging consequences. Report them with the PAB!
  • Whaling (a.k.a. CEO fraud) attacks are phishing attacks that target high-ranking executives at major organizations or other highly visible public figures, then use the accounts to attempt to fool an employee into transferring funds or disclosing confidential information. Report them with the PAB!

Why should you use the Phish Alert button?

By reporting email as Phish, you are helping to keep Chico State's email environment safe and secure.  Phishing emails that are reported using the Phish Alert button are sent to the Information Security Office (ISEC) team for further vulnerability analysis. This helps the Division of IT (DoIT) and ISEC proactively know when phishing attacks are potentially reaching the inboxes of staff, faculty, and students. Once DoIT and ISEC are made aware of email security vulnerabilities, we can better defend the campus against threat actors who are persistently seeking to thwart our security defenses. You are an important part of the process of keeping Chico State safe and secure from compromise. Stop, look, and think!

How do you use the Phish Alert button?

Microsoft Outlook Desktop Email Client | Online Microsoft 365 Email Client | Microsoft Outlook Mobile Client for Android | Microsoft Outlook Mobile Client for Apple iOS

Microsoft Outlook Desktop Email Client

To report an email with the PAB icon at the top of your Outlook client, follow the steps below:

  1. Open the Outlook desktop client.
  2. Select or open the email message that you wish to report as phishing. The email that you wish to report must be visible, either in the reading pane or by double-clicking on a message in the message list to open it in another window.
  3. Click the Phish Alert button displayed at the top-right corner of the Outlook client.

Location of Phish Alert Button in Outlook for Desktop

  4. In the drop-down menu that appears on the right side of the screen, click Phish Alert to forward the suspicious email to the Information Security team and delete it from your inbox.

Phish Alert pop-out menu

  5. Once you have reported an email with the PAB, you will see a Success notification.

Phish Alert success alert

Online Microsoft 365 Email Client

If you use Microsoft 365, follow the steps below to report an email with the PAB:

  1. Open the email that you would like to report.
  2. Click the 'box of boxes' button at the top-right corner of the email.

    Location of the Phish Alert Button on the reading pane of the Outlook Web App

  3. From the pop-out menu that opens, click Phish Alert.

  4. In the prompt that opens, click Phish Alert again to report the email.

  5. After you click Phish Alert again, a message will display. This message will tell you if the email you reported was a simulated phishing attack or if the email will need to be reviewed by your IT team. For an example of a message that you may receive if you successfully report a simulated phishing email, see the screenshot below:

Microsoft Outlook Mobile Client for Android

If you use the Microsoft Outlook app for Android, follow the steps below to report an email:

  1. Open the email that you would like to report.
  2. Click the ... button at the top-right corner of the screen. Check the rest of the screen if you do not see the button in this location.

    Drop down menu location on Outlook for iOS

  3. Click the Phish Alert icon.

    Phish Alert button location in drop-down menu on Outlook for iOS

  4. In the prompt that opens, click Mobile Phish Alert to report the email.

  5. After you click Mobile Phish Alert, a message will display that congratulates you for reporting the email. To close this message, click OK.

    Phish Alert button success message on Outlook for Android

Microsoft Outlook Mobile Client for Apple iOS

If you use the Microsoft Outlook app for Apple iOS, follow the steps below to report an email:

  1. Open the email that you would like to report.
  2. Click the button at the top-right corner of the screen.

  3. Click the Phish Alert icon.

    Phish Alert button location in pop-up menu on Outlook for iOS

  4. In the prompt that opens, click Phish Alert again to report the email.

    Final Phish Alert button on Outlook for iOS

  5. After you click Phish Alert again, a message will display to congratulate you for reporting the email. To close this message, click OK.

    Phish Alert success alert on Outlook for iOS

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.

Most phishing attacks are sent by email. The fraudster will register a fake domain that mimics a genuine organization and send thousands of generic requests. The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. In other cases, the fraudsters create a unique domain that includes the legitimate organization’s name in the URL. There are many ways to spot a phishing email, but as a general rule, you should always check the email address of a message that asks you to click a link or download an attachment.

There are two other, more sophisticated, types of phishing involving email:

The first, spear phishing, describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim:

  • Their name
  • Place of employment
  • Job title
  • Email address
  • Specific information about their job role

Whaling attacks, also known as CEO fraud, are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler. Tricks such as fake links and malicious URLs aren’t helpful in this instance, as criminals are attempting to imitate senior staff. Whaling emails also commonly use the pretext of a busy executive who wants an employee to do them a favor. The criminals play on employees’ willingness to follow instructions from their bosses. Recipients might suspect that something is amiss but are too afraid to confront the sender to suggest that they are being unprofessional.

Remember STOP, LOOK, and THINK before opening an attachment or clicking a link in an email!

Details

Article ID: 113581
Created: Mon 6/12/23 5:41 PM
Modified: Tue 9/12/23 8:14 AM