Customize Subject Prefix for Phishing Warning Emails

Check Point Email Security now allows customization of the subject prefix applied to phishing emails delivered with a warning.

When emails are detected as phishing but still delivered to end users, they typically include both a warning banner and a default subject prefix. Until now, this prefix was fixed as “Phishing Alert!”, limiting how organizations could tailor user-facing messaging.

With this update, administrators can now fully customize the subject prefix – whether to align with internal communication standards, reduce alert fatigue, or remove the prefix entirely. This added flexibility helps organizations strike the right balance between security awareness and user experience, ensuring that warnings remain effective without being overly disruptive or confusing.

To customize the subject prefix, navigate to the Threat Detection policy, select the “User receives the email with a warning” workflow, and then click the cog icon next to it. From there, modify the subject alert format based on your preference.

This feature is gradually being deployed and will be available in customer portals over the next 7 days.

You may also like

World Password Day 2026: Why “Strong Passwords” Can’t Save You from AI, Infostealers, and the Telegram Underground

SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms

Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users

Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection