PhishAlarm and PhishAlarm Analyzer: Features and Benefits

PhishAlarm simplifies the process users follow to report phishing and other suspicious messages to abuse boxes. Users do not need to know how to capture header information or other technical details; they simply click to report.

PhishAlarm makes it easier for employees to report suspicious messages, allowing them to alert IT teams in a quick, efficient manner. This helps to shorten the phishing delivery-recognition-response window for information security analysts. 

PhishAlarm supports multiple end-user notifications, all of which are completely customizable: 

• Challenge/prompt message – This appears when the reporting button is clicked, giving users the option to change their mind about reporting a message. 

• Phish notification – Users receive this message (via a pop-up window or email) when reporting a potential phish or a simulated attack. The standard text thanks users for taking the action and asks them to remain vigilant to suspicious messages in the future. 

• Whitelist notification – This message (received via a pop-up window or email) notifies users that an email they reported was actually a safe message from an address/domain that was whitelisted by your organization. 

• Training notification – This response (displayed in a pop-up window or sent via email) alerts users that they reported a safe message that included a training assignment. 

PhishAlarm offers a number of configuration options for administrators that make the tool more flexible and efficient for individual organizations. Key administrative features include the following: 

Whitelist Email – This patent-pending feature allows administrators to filter based on domain, subject, and/or email headers. This reduces the number of emails that require evaluation, allowing infosec response teams to cut through the clutter and focus on actual potential threats. 

Customization of the PhishAlarm button – Administrators can choose from multiple button layouts and customize various labels in order to create a look and feel that support their corporate brand. 

Tailored system and forwarding actions – Administrators will have the option to tailor system actions (e.g., deleting or moving to Junk folder) and reporting actions (e.g., forwarding to specific inboxes) based on the following notification settings: 

• Reported a simulated phishing attack 

• Reported a potential phish 

• Reported a potential phish with an attachment 

• Reported a whitelisted email 

• Reported a training assignment 

PhishAlarm Analyzer delivers highly responsive identification of phishing attacks in real time (i.e., zero-hour attacks). Emails reported via PhishAlarm are accessed, analyzed, and categorized, and they are immediately available to your response teams. 

PhishAlarm Analyzer constantly evolves and adapts to new email threat patterns. Tens of billions of emails from Proofpoint threat intelligence are scanned each week and used to protect against increasingly sophisticated techniques, including spear phishing and business email compromise attacks. Dedicated sandboxing of URLs and attachments in reported messages help prevent time-delayed and brand new threats.

When similar email messages are reported through PhishAlarm, the resulting PhishAlarm Analyzer notifications can be grouped to eliminate redundancies, reduce clutter, and improve productivity. Threshold alerts can let response teams know when the number of similar notifications has reached a level that could indicate an emerging threat or organization-wide attack. In addition, once that threshold has been passed, PhishAlarm Analyzer will automatically escalate the classification of similar reported emails to “Likely a Phish” because this could be an indication that an organization is under attack.

Our intuitive graphical user interface makes it easy to set up and activate your account. Highly customizable settings can be monitored and adjusted using our web-based PhishAlarm Analyzer management console.