PhishAlarm and PhishAlarm Analyzer

Report Phishing Emails and Analyze Threats

PhishAlarm and PhishAlarm Analyzer

Report Phishing Emails and Analyze Threats

Currently available email filters are great at targeting spam, but despite advances in technology, a small percentage of malicious messages still end up in users’ inboxes. PhishAlarm® allows end users to report phishing emails and other suspicious messages with one mouse click, and PhishAlarm® Analyzer helps organizations identify and target the most pressing threats.

Request a Demo


Extend Phishing Prevention to the Desktop

A simple but effective email client add-in, PhishAlarm can reduce the window of risk associated with active phishing attacks, extending phishing prevention to the desktop and allowing users to easily report phishing and stop social engineers and hackers in their tracks.


Make the Most of Your Cybersecurity Awareness and Training

PhishAlarm is included with a ThreatSim Phishing Simulation license, and it can help you make the most of your security awareness and training efforts by reinforcing best practices and encouraging good behaviors.


Prioritize Threats for Faster Remediation

A companion to PhishAlarm, PhishAlarm Analyzer employs machine learning techniques to provide a real-time ranking of reported emails in order of threat potential. This allows your security team to focus their time and attention on the most imminent and dangerous threats within your network.


Reduce Risk with Our Continuous Training Methodology

Our Continuous Training Methodology consists of four elements: Assess, Educate, Reinforce, Measure. PhishAlarm is a reinforcement tool, allowing users to apply lessons from their security awareness training; PhishAlarm Analyzer is a measurement tool, providing security teams with a real-time ranking of suspicious emails in order of threat potential.

About Our Methodology

PhishAlarm: One-Click Reporting of Suspected Phishing Emails 


Reduce the Duration and Impact of an Active Phishing Attack

The PhishAlarm email client add-in allows your users to report suspicious messages to security and incident response teams with the click of the “report phish” button. This is a valuable addition to security awareness and training programs, as early reporting can dramatically reduce the duration and impact of an active phishing attack.


Reinforce Best Practices in Security Awareness

PhishAlarm automatically provides positive behavior reinforcement by immediately thanking end users (via a pop-up message or email) for reporting suspicious emails and encouraging them to continue those actions in the future.

PhishAlarm: Key Benefits and Features

Simplified Reporting

PhishAlarm simplifies the process users follow to report phishing and other suspicious messages to abuse boxes. Users do not need to know how to capture header information or other technical details; they simply click to report.

Reduced Helpdesk Calls

PhishAlarm reduces or eliminates IT helpdesk calls by allowing employees to route suspicious emails directly to a monitored inbox.

Faster Response Times

PhishAlarm makes it easier for employees to report suspicious messages, allowing them to alert IT teams in a quick, efficient manner. This helps to shorten the phishing delivery-recognition-response window for information security analysts.

Multiple Integrations

PhishAlarm integrates with:

  • Microsoft Outlook for Windows (2010, 2013, 2016)
  • Microsoft Outlook 2016 for Mac
  • Browser-based Office 365
  • Browser-based Gmail available as a G Suite Marketplace app
  • Outlook Web Access (OWA) for iPhone/iPad and Android
  • Outlook Mobile for iOS and Android

Customizable Notifications

PhishAlarm supports multiple end-user notifications, all of which are completely customizable:

  • Challenge/prompt message – This appears when the reporting button is clicked, giving users the option to change their mind about reporting a message.
  • Phish notification – Users receive this message (via a pop-up window or email) when reporting a potential phish or a simulated attack. The standard text thanks users for taking the action and asks them to remain vigilant to suspicious messages in the future.
  • Whitelist notification – This message (received via a pop-up window or email) notifies users that an email they reported was actually a safe message from an address/domain that was whitelisted by your organization.
  • Wombat training notification – This response (displayed in a pop-up window or sent via email) alerts users that they reported a safe message that included a Wombat training assignment.

Multinational Support

PhishAlarm notifications are available in 35 languages to support the needs of multinational organizations.

Learn More

Flexible Configuration Options

PhishAlarm offers a number of configuration options for administrators that make the tool more flexible and efficient for individual organizations. Key administrative features include the following:

  • Whitelist Email – This patent-pending feature allows administrators to filter based on domain, subject, and/or email headers. This reduces the number of emails that require evaluation, allowing infosec response teams to cut through the clutter and focus on actual potential threats.
  • Customization of the PhishAlarm button – Administrators can choose from multiple button layouts and customize various labels in order to create a look and feel that support their corporate brand.
  • Tailored system and forwarding actions – Administrators will have the option to tailor system actions (e.g., deleting or moving to Junk folder) and reporting actions (e.g., forwarding to specific inboxes) based on the following notification settings:
    • Reported a simulated phishing attack
    • Reported a potential phish
    • Reported a potential phish with an attachment
    • Reported a whitelisted email
    • Reported a Wombat training assignment

Business Intelligence

PhishAlarm features powerful reporting that allows you to easily access and share valuable business intelligence, including the following information:

  • The users who reported emails
  • The types of emails reported (potential phish vs. simulated attacks)
  • The number and types of reported threats identified over time (hours, day, weeks, months, quarters)

This type of data can help you gauge how successful your security awareness training program has been, and how well users are retaining the best practices they are being taught.

PhishAlarm Analyzer: Email Prioritization for Faster Remediation

Alt Text

Focus on the Most Imminent and Dangerous Threats to Your Network

Adding PhishAlarm Analyzer gives security response teams access to reliable, actionable information about reported emails. Emails are prioritized based on their likelihood of being an actual phishing attack, and an HTML report is then delivered to designated security and/or incident response teams for review and response.

Alt Text

Rank Suspicious Emails, Not Your Users

Other tools rank reported messages based on the users’ level of “trustworthiness” and “accuracy,” but PhishAlarm Analyzer ranks the reported emails themselves. It analyzes an email’s content and classifies it using standard security indicators of compromise (IOCs), taking into account known threat vectors obtained from established databases and technical resources.

PhishAlarm Analyzer: Key Benefits and Features

Identification of Advanced Threats

PhishAlarm Analyzer delivers highly responsive identification of phishing attacks in real time (i.e., zero-hour attacks). Emails reported via PhishAlarm are accessed, analyzed, and categorized, and they are immediately available to your response teams.

Intelligent Prioritization

The three email prioritization categories used by PhishAlarm Analyzer are: Likely a Phish, Suspicious, and Unlikely a Phish. Administrators have the ability to configure the sensitivity thresholds for each of these categories (on a scale of 0 to 30). This flexibility allows administrators to minimize the number of false positives and false negatives registered for their organization.

Machine Learning Functionality

PhishAlarm Analyzer constantly evolves and adapts to new email threat patterns. Thousands of real attacks from the wild are scanned each week and used to learn about and guard against increasingly sophisticated techniques, including spear phishing attacks.

Delivery of Actionable Information

Each prioritized message contains a report that includes links to leading security intelligence sources. Security analysts can quickly and easily dig deeper into the threat(s) associated with the reported email. This is a great timesaver for security professionals who are facing an ever-increasing workload.

Consolidation of Email Notifications

When similar email messages are reported through PhishAlarm, the resulting PhishAlarm Analyzer notifications can be grouped to eliminate redundancies, reduce clutter, and improve productivity. Threshold alerts can let response teams know when the number of similar notifications has reached a level that could indicate an emerging threat or organization-wide attack. In addition, once that threshold has been passed, PhishAlarm Analyzer will automatically escalate the classification of similar reported emails to “Likely a Phish” because this could be an indication that an organization is under attack.

Targeted Routing of Reports

You can choose up to 25 recipients (including bulk inboxes) for each reported email category. In addition, reported emails can be routed to specific inboxes based on classification. This allows administrators to eliminate the likelihood of threats falling through the cracks and enables remediation efforts to be assigned based on severity level.

Easy-to-Use Interface

Our intuitive graphical user interface makes it easy to set up and activate your account. Highly customizable settings can be monitored and adjusted using our web-based PhishAlarm Analyzer management console.

Valuable Business Intelligence

PhishAlarm Analyzer reports include aggregated data on reported emails and their categories, as well as more in-depth data about the users who reported the emails. Administrators can see at a glance how incoming emails are classified and the changes compared to the prior month.

Learn More
New Report

2019 State of the Phish  What You Need to Know for the Year Ahead

We’ve been using Wombat’s PhishAlarm product for some time and can already see the positive impact it’s having on our organization. PhishAlarm easily replaced antiquated suspicious email reporting with a consistent and user-friendly process that positively affected employee behavior.

Senior Cybersecurity Analyst | Multinational Energy Company

Phishing simulation templates are very current and easy to customize to be realistic to our environment and situations.

Systems Administrator | Finance Industry

Wombat was very receptive and open to working with our organisation, we were initially given a brief introduction on the solution which gave us further insight on implementing our security awareness program. We have been able to assess our security posture with help from Wombat and have adopted the Wombat Continuous Training Methodology. The integration process was seamless. ThreatSim is also a very great feature.

Service Center Specialist | Finance Industry

Wombat Security: A Leading Behavior-Change Company

Continuous Training Methodology based on proven Learning Science Principles

Founded in 2008 based on research at Carnegie Mellon University

A leader for five consecutive years in the Gartner Magic Quadrant

Global customer base, including many Fortune 500 companies

Wombat Security: A Leading Behavior-Change Company

Continuous Training Methodology based on proven Learning Science Principles

Founded in 2008 based on research at Carnegie Mellon University

A leader for five consecutive years in the Gartner Magic Quadrant

Global customer base, including many Fortune 500 companies