Phish Alert Button In Outlook

Phishing attacks are one of the most prevalent and dangerous types of cybercrime that organizations worldwide are currently facing. In 2020, phishing emails were a leading point of entry for ransomware – 75% of companies globally faced phishing attacks, and 74% of those in the US were successful.

While spam filters catch many phishing emails, newer and more sophisticated ones get through. If an employee clicks on a link to a malware-infected website, opens an attachment with a malicious payload, or divulges their login credentials, an attacker can access a corporate network undetected. To help protect your organization against phishing emails, your employees can use the new Phish Alert Button (PAB) on Outlook to report any suspicious or potentially dangerous emails.

The Phish Alert Button gives your security team an early warning of possible phishing attacks or malicious emails, so they can take effective action to prevent a security or network compromise. The tool also reinforces your organization’s training and security culture by giving employees a hands-on learning experience. By using the PAB, your employees become a human firewall and act as your organization’s first line of defense against potential cyber threats.

When to Use the Phish Alert Button

The Phish Alert Button makes reporting suspicious emails easy: you can report any email as a phishing email with the click of a button. When viewing an email that you believe to be a phishing attempt, simply click the Phish Alert button, confirm the details, and then click OK. The email will be deleted from your inbox and forwarded to our IT team for analysis, and the forwarded message will appear in your Sent Items. If you report an email by mistake, you can retrieve it from Deleted Items/Trash.

How to Use the Phish Alert Button

The Phish Alert Button is available on mobile devices, Microsoft 365, and desktop clients.

Outlook mobile app (Android): To use the PAB on Android:

  1. Click the three dots in the top right corner of the email. This will open a context menu displaying the Phish Alert Button.
  2. When you tap the button, it will prompt you to confirm that you want to report the email as a phishing email.
  3. Tap the Mobile Phish Alert button to report the email.

Outlook mobile app (iOS): If you’re using iOS, you can report an email with the PAB by following these steps:

  1. Click on the three dots in the top right corner of the screen, and the Phish Alert Button will appear.
  2. Tap the PAB, and a prompt will ask you if you are sure you want to report the email as a phishing email.
  3. Click the Phish Alert button to report the email.

Desktop client: The Phish Alert Button may appear in one of two locations:

  • At the top of your Outlook client: In this view, you can report a phishing email by clicking the Phish Alert Button while the email is open. A prompt will ask you if you want to report the email as a phishing email. Click Yes to report the email, or click No if you do not want to report it.
  • As a clickable Phish Alert button on an unopened email: To report a phishing email, click on the Phish Alert tab to open a drop-down screen, and a prompt will ask you if you want to report the email as a phishing email. Click the Phish Alert button to report the email.

Microsoft 365: The PAB icon will appear in the drop-down menu of an open email. A sidebar prompt will ask you if you want to report the email as a phishing email. Click the Phish Alert button to report the email.

How to Spot Phishing Emails

The first step in spotting a phishing email comes with understanding what a phishing email is. Unlike malware or other computer viruses, phishing emails are more subtle – the attacker may use social engineering techniques to make their email look genuine. They typically include a request to click on a link, open an attachment, or provide other sensitive information such as login credentials.

Here are five ways to spot phishing emails:

  1. Urgent call to action or threats: Creating a false sense of urgency is a common trick of phishing attacks and scams. Be suspicious of emails that claim you must click, call, or open an attachment immediately. For example, a phishing email may claim that your account has been compromised and that the only way to verify it is to enter your login details.
  2. Emails with generic greetings: While spear-phishing email attacks mainly target individuals, other prevalent phishing emails take a “spray and pray” approach. These emails are sent to several recipients at once, so they cannot contain a specific greeting with the individual’s name, only a generic greeting like Dear, Hi, or Hello.
  3. Suspicious attachments: Thanks to cloud computing, most work-related file-sharing occurs via collaboration tools such as Dropbox, SharePoint, or OneDrive. Therefore, you should be suspicious of internal emails with attachments, especially if they have an unfamiliar extension such as .zip, .exe, or .scr. For external emails, alarm bells should ring if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected.
  4. First-time or infrequent senders: While it’s not unusual to receive an email from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. When you get an email from someone you don’t recognize or that Outlook identifies as a new sender, take a moment to examine it extra carefully before proceeding.
  5. Misspelled email domain: A phishing email will most likely come from an address that appears to be genuine. However, if you take a moment to examine the email address, you will find that it’s a variation intended to appear authentic – for example,, where the second “o” has been replaced by a 0.
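
For the security team that receives the reports, two of the checks above (a digit-swapped sender domain and the attachment extensions named in item 3) can be automated as a first triage pass. The following is an added example, not code from the Phish Alert Button or from Kraft Technology Group; the trusted-domain list, the digit-to-letter map, and the sample message with its `goodbooks.example` domain are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: digit-for-letter swaps to undo before comparing domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Attachment extensions the article lists as unfamiliar/suspicious.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")


def lookalike_of(domain, trusted):
    """Return the trusted domain that `domain` imitates, else None."""
    if domain in trusted:
        return None  # exact match: a genuine sender domain
    normalised = domain.translate(CONFUSABLES)
    return normalised if normalised in trusted else None


def triage(raw, trusted):
    """Return findings for one reported message given as RFC 5322 text."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    imitated = lookalike_of(domain, trusted)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    return findings


def constructed_sample():
    """Build a constructed report; domain and file name are made up."""
    msg = EmailMessage()
    msg["From"] = "Billing <billing@go0dbooks.example>"
    msg["To"] = "employee@goodbooks.example"
    msg["Subject"] = "Action required: verify your account"
    msg.set_content("Dear customer, open the attached file immediately.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="invoice.scr")
    return msg.as_string()


if __name__ == "__main__":
    for finding in triage(constructed_sample(), {"goodbooks.example"}):
        print(finding)
```

An empty result only means these two checks did not fire; a reported message still needs an analyst's review.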

The most important rule for preventing phishing attacks is this: don’t click on a link, and don’t download attachments, unless you’re positive you know the sender. Feel free to check with that sender before clicking on anything, and verify all links included in the body of the email by hovering over each link to see what URL it actually goes to. Look for logos that feel a bit off, as well as misspellings or grammatical errors in emails from reputable institutions such as banks or government offices.

Secure Your Business with Our Cybersecurity Solutions

Phishing schemes continue to become more sophisticated, with targeted attacks (spear phishing) posing a threat to many businesses. Immediate reporting will help your company’s security team alert other employees and contain the threat before it causes any damage. From the CEO to the junior-most employee, each individual in the organization must share the responsibility to avoid becoming a victim of a phishing scam.

At Kraft Technology Group, we help organizations across Nashville and Middle Tennessee secure their businesses against cybersecurity threats, including phishing attacks, ransomware, malware, and viruses. Our comprehensive cybersecurity solutions include endpoint management, email security, firewall configuration management, business-grade antivirus, regular security assessments, data backup and encryption, and continuous cybersecurity monitoring, ensuring end-to-end protection. Contact us today to schedule a consultation and let us help secure your business.