Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  Training and Awareness  ›  The Phish Bowl  ›  phish-alarm-faqs

  • Frequently Asked Questions

  •  
  • Which CMU Domains are provisioned to use PhishAlarm with Google Mail? Only @andrew.cmu.edu.
  •  
  • Can PhishAlarm be used with the Gmail app on a smartphone? No, PhishAlarm is only compatible with Google Mail in a web browser.
  •  
  • If a student converts an account from student to alumni, what will happen to the PhishAlarm add-on? When a student Andrew account is converted to an alumni account, the student Andrew account is suspended and moved to a new instance of Google Mail (for alumni) which does not have access to PhishAlarm.
  •  
  • Can a user specify which email is to be reported, or do they report the entire email thread? PhishAlarm is only available when interacting with a specific mail message in a thread. PhishAlarm will then display which email is being reported should there be multiple emails expanded in the thread.
  •  
  • Can PhishAlarm be uninstalled? No, it cannot be uninstalled at the individual account level.
  •  
  • Does Proofpoint (PhishAlarm) collect any personal information? After a suspected phishing email is reported, the contents of the message are sent to Proofpoint and stored on their server for up to 30 days for troubleshooting purposes prior to deletion.
  •  
  • What happens if confidential information is accidentally identified as phishing with PhishAlarm? If any confidential information is received by the Help Center or the Information Security Office, follow the Standard PII Process "Manage PII Data in Service Now" KB0012013 to remove all sensitive information from the email. The contents of the message will still be submitted to Proofpoint's server and stored for 30 days prior to deletion. 
  •  
  • What happens to the email after it is reported to the Information Security Office? Once the email is reported to the Information Security Office through PhishAlarm, the original email is then moved to the reporting user's junk mail folder.
  •  
  • How can a user determine if an email is a phish or spam? A phish email is a malicious attempt to steal personal information such as passwords or financial information. Spam is unsolicited advertisement email sent in bulk. For more information on the differences between phishing and spam visit: Phishing vs Spam
  •  
  • When will PhishAlarm be available for Outlook users? PhishAlarm is currently being tested with Outlook 2019 Professional Plus and is anticipated to be fully supported later in 2020. PhishAlarm version 3.2.37 is available for Microsoft Outlook 2010-2016 as an add-in for the desktop client only. This version of the PhishAlarm tool can be individually installed from the following CMU Box folder: https://cmu.box.com/s/ofvldptt9y051s3kwjc9brnlu0rkxm6p
  •  
  • Who should users contact for any errors with PhishAlarm? For errors with PhishAlarm you can contact the Information Security Office at iso@andrew.cmu.edu.