Improving Email Security with PhishER

Project write-up about implementing KnowBe4's PhishER to better equip the security team when analyzing threatening emails.

Brandon Cox

12/1/20222 min read

silver fishes underwater
silver fishes underwater

Project Overview:

The implementation of PhishER from KnowBe4 aimed to revolutionize the handling of reported phishing emails within our organization. Previously, employees would use the Phish Hook tool to report suspicious emails, but this method posed significant security risks as forwarded emails retained clickable links, potentially endangering high-level access individuals. PhishER was introduced to analyze reported emails using machine learning and predefined keywords, significantly reducing the risk posed by phishing threats and providing a secure means for the IT security team to assess potential dangers.

Project Objectives:

  1. Implement PhishER to securely analyze reported phishing emails and mitigate associated risks.

  2. Utilize KnowBe4’s machine learning technology and predefined keywords for accurate threat detection.

  3. Provide the IT security team with a centralized console for comprehensive email analysis.

  4. Enhance the security posture of the organization by reducing the likelihood of successful phishing attacks.

Project Execution:

  1. Planning Phase:

    • Conducted an in-depth analysis of the existing email reporting process and identified security vulnerabilities.

    • Researched and evaluated the features and capabilities of PhishER to ensure alignment with organizational needs.

    • Developed a detailed implementation plan outlining tasks, timelines, and resource requirements.

  2. Preparation Phase

    • Prepared the infrastructure and environment for the deployment of PhishER.

    • Configured predefined keywords for accurate threat detection.

    • Conducted training sessions for the IT security team to familiarize them with the PhishER platform and its functionalities.

  3. Implementation:

    • Deployed PhishER within the organization's email infrastructure, ensuring seamless integration with existing systems.

    • Configured PhishER to analyze reported emails automatically and alert the IT security team of potential threats.

    • Tested the functionality and performance of PhishER to ensure reliability and effectiveness in detecting phishing emails.

  4. Post-Implementation:

    • Monitored PhishER's performance and fine-tuned configurations as needed to optimize threat detection.

    • Conducted training sessions for employees to educate them on the importance of reporting phishing emails.

    • Reviewed and analyzed the effectiveness of PhishER in reducing the risk posed by phishing attacks.

Project Outcome:

The implementation of PhishER has significantly enhanced the organization's ability to detect and mitigate phishing threats. By leveraging machine learning technology and predefined keywords, PhishER has provided the IT security team with a powerful tool for analyzing reported emails and identifying potential dangers. The centralized console has streamlined the email analysis process, allowing for more efficient threat response and reducing the risk posed by phishing attacks. Overall, PhishER has strengthened the organization's security posture and enhanced protection against evolving cyber threats.

Lessons Learned:

  1. Effective communication and training are essential for successful implementation and adoption of new security solutions.

  2. Continuous monitoring and optimization are necessary to ensure the ongoing effectiveness of threat detection mechanisms.

  3. Collaboration between IT security teams and end-users is critical for identifying and mitigating phishing threats effectively.


The implementation of PhishER represents a significant advancement in the organization's cybersecurity strategy. By addressing the shortcomings of the previous email reporting process and introducing a secure and efficient method for analyzing phishing emails, PhishER has strengthened the organization's defenses against cyber threats. Moving forward, continued vigilance, training, and optimization of PhishER will be essential to maintain a proactive approach to cybersecurity and safeguard sensitive information and systems.