Cofense PhishMe Reviews

12 Ratings
<a href='' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.7 out of 100

Do you work for this company? Learn how we help vendors

Overall Rating

Reviewer's Company Size

Last Updated

By Topic




Job Type


Reviews (1-9 of 9)

Companies can't remove reviews or game the system. Here's why.
May 11, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Cofense PhishMe globally across the whole organization of approx. 60k users. It is part of our security awareness program and through simulated phishing emails provides experiential learning to users. Through practice, they get better at spotting a suspicious email. We also use the Cofense Phishing Reporter button that gives a user a one-click way to report a suspicious email.
  • Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
  • Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
  • Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
  • Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
  • Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification email or Office365 look-alikes, but not truly impersonating real-world companies thus being less misleading.
  • Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
Cofense PhishMe sure is a good solution for a global company. For a smaller locally-operated company, you may do well with an internal solution to send simulated emails and collect user feedback, but you'll have to operate it, maintain it, come up with email designs, etc. Cofense already has plenty of emails available and in multiple languages what saves a lot of time. You can also use their benchmarks to compare to their customer base or your industry as well as information (knowledge and experience) they have from other customers.
Absolutely. Visibility into what's being used in the wild or what sneaks through email gateways is valuable and we use those email templates in our phishing simulations.
Read this authenticated review
May 02, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Cofense for our ongoing phishing awareness campaigns; it's a great tool to run the program. We used to run manual campaigns previously, but doing it so manually makes it fairly complicated to run reports and maintain a dashboard. Cofense is used across the organization, including the whole workforce.
  • Scheduling campaigns
  • User list management.
  • Variety of templates.
  • Community portal.
  • Board report is not automated.
It's a good fit for any organization, all market sectors, and sizes.
Read this authenticated review
May 01, 2020
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Our company is using Cofense PhishMe across the entire organization as part of a larger security awareness program that has been designed to give end users the tools and knowledge to recognize clear and present dangers. The email inbox is one of the easiest vectors that an external actor can access as email addresses are typically published in multiple places online. Cofense PhishMe is being used to address the real world problem of users not recognizing legitimate vs. fake or malicious email.
  • PhishMe scenarios are based on real-world examples of malicious email reported through one of their other product offerings; Phishing Defense Center (PDC)
  • Scenarios have the ability to be easily customized and changed to suit the needs of your own organization to make them more relevant. This increases the chance of a click or attachment opening providing a teachable moment with more users.
  • Console is easy to navigate and use for all levels of technical ability. Not everyone on our team is technically inclined, however, the interface is easy to understand and obtain information from allowing everyone who uses it to be comfortable.
  • Reporting capabilities from completed scenarios is quite good as long as you provide the detail on users during initial import or sync.
  • There is only the ability to run one Playbook at a time. For larger enterprises that may have more than one organization they wish to target in different ways, this is a limitation that requires some clever workarounds.
  • Despite the efforts of reporting and statistics to remove false clicks and multiple clicks from the same users, there are several times we have had to analyze raw data exports in Excel to verify (and correct) our final metrics for scenarios. Not a deal-breaker, however, does require a time investment.
  • Adding/removing users to the PhishMe instance requires a ticket to be submitted to Support. There is no method in the instance for us to do this at our company.
In our case, the major selling point and the previous gap we had with another competing product was how phishing email was being delivered to end-users. Previous to Cofense PhishMe, when a scenario would begin, there would be thousands of emails sent in a very short period of time that would put our IT support staff into DEFCON 1 with red lights flashing and alarm bells ringing. The email chains would soon follow and the results of the campaign would be unreliable. Cofense PhishMe has a feature called "Responsive Delivery" that gives us the ability to deliver emails in a more natural way as users log in and interact with their inboxes; emails are queued until the user is active and online, then the phish is delivered. This feature allows for a more organic delivery of email to the population.

We have yet to find a scenario where Cofense PhishMe is less appropriate since we only have our previous solution to compare it to.
Active Threat and Secure Email Gateway Miss templates are the only templates we use in our scenario simulations because it's relevant not only to what our company is facing at the time but relevant to what our employees may be facing in their personal email inboxes. We strongly believe that having strong security awareness programs in the workplace translates to home as well. Having access to real-world examples adds a level of legitimacy that our previous solution did not provide.
Read this authenticated review
January 29, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We utilize PhishMe to perform phishing scenarios within our organization in order to increase phishing awareness and education. It's currently being utilized by our information security team. PhishMe helps show the regulators that we are continually training our end users.
  • Relevant/current phishing scenarios.
  • Great educational awareness.
  • Does not integrate with Active Directory. You either have to upload a spreadsheet of users or utilize their recipient generator. Would be nice to have an API with AD.
  • Doesn't allow us to spoof legitimate companies. The bad actors do this and other phishing platforms allow this as well. Cofense is legally scared to allow spoofing.
PhishMe is great at generating some relevant phishing scenarios. Every scenario comes with an educational piece if the user falls victim. This can be completely customized to suit your needs.
We don't utilize Cofense's threat intelligence.
They are very quick to respond. They solve about 80% of our issues. Not really a good rating for their support. Would love to see them solve 100% of our tickets.
Read this authenticated review
May 04, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Practical training awareness becomes very important to prevent potential harm and our employees need to be able to recognize the phishing attempt. So, we use Cofense PhishMe phishing awareness program for its effectiveness, efficiency, and reporting. The functionality of Cofense PhishMe immediate feedback when a user clicks a phishing link with in-depth reporting capabilities helps us to use behavior analyzing and take immediate action. The Cofense PhishMe templates (including different languages) to customize the educational campaign are very useful.
  • Wide range of templates, which are always updated and addressing threats organizations face today.
  • Security teams use the information from Phish Reporter to implement countermeasures.
  • Providing training materials that help to educate employees
  • To provide a more convenient way to modify/change mail addresses
If necessary, Cofense PhishMe allows you to quickly and accurately prepare training material.
In proposed templates different languages can be used.
Read this authenticated review
May 01, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Cofense PhishMe is a great product that allows us to safely phish our employees to ensure we test and train all associates. Cofense's phishing templates are easy to use and are up to date with real life issues that businesses are facing attacks from. The training options at the end of the phishing message really help the user understand why they failed the test and to learn from it. Our phishing results have been great and have lowered the longer we continue to use the product.
  • Easy to manage templates
  • Up to date information with real word examples
  • Inexpensive
  • Attachments are doc, xls, and ppt only, no newer formats
  • Embedded pictures require download that is not online
  • Repeat user report needs filtering options
Cofense PhishMe is aimed for businesses where you want to ensure your users know about phishing and have metrics and training to back that up. Environments with strong email rules preventing external email or where the Cofense admin does not have email control will be an issue with keywords or whitelisting.
No, this has not had an impact.
Read this authenticated review
October 22, 2019
Ryan Fultz | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use it to track phishing attempts and report them. We have it deployed across the entire firm and each user has been educated that when they get a phishing attempt they should use the report button. We sometimes conduct tests using this software and we are able to report how many people reported it.
  • The software is really easy to use, I am able to just click a button to report any and all phishing attempts.
  • By it being a one button press it allows me to spend more time doing other things.
  • We are able to conduct tests using PHISHME to audit our internal clients.
  • I don't think anything could be improved it's a simple intuitive software.
Useful for keeping track of phishing attempts. It is also usable to conduct audits/penetration tests that allow you to see who needs retraining on phishing attempts. My employer constantly deploys random tests to survey how effective phishing is against my company. I don't think there are any scenarios where it would not be an appropriate usage case unless people aren't using emails.
I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.
You click one button and it does the rest of the work.
Read Ryan Fultz's full review
June 14, 2019
Carrie Huang | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
Review Source
Cofense PhishMe allows employees at my company to report when we receive phishing emails. For a large corporation with predictable emails names, those emails come fairly often and employees are subject to dangerous emails when they're unfamiliar. Cofense PhishMe is integrated into our email system and makes reporting a breeze. After reporting, the issue gets sent to IT and they will determine the next steps.
  • Easy to report suspected phishing emails to IT and security teams.
  • IT and security teams are able to look into phishing emails right away.
  • Cofense is integrated into our email system and is easy to find.
  • It should be able to filter our emails automatically.
  • It should be able to put the phishing or spam emails in a quarantine.
  • Cofense PhishMe should do more than just be a button on our email platform.
Cofense PhishMe is easy to use for the most part, as it is integrated into our email portal (we use Outlook and the integration is quite seamless) so it makes reporting a breeze. When a user receives a spam or suspected phishing email, we click the Cofense PhishMe button and it sends the email off to IT and security to take a look at. However, I believe it should do much more than that - we have to report it first before it does anything. It does not filter for us, and it does not alert us in the first place that this is a phishing email. Unskeptical employees may actually fall for it before PhishMe can even do its job.
Read Carrie Huang's full review
March 13, 2018
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use PhishMe to conduct end-user assessment and training on email phishing awareness. It’s part of our overall cyber security awareness training for the enterprise. The tool provides training, and repeat failures qualify the user for additional training.
  • Baseline testing offers comparable results
  • Reporter Outlook add-in makes reporting suspicious messages easy
  • Campaigns are fairly simple to set up
  • The Reporter Outlook add-in has had some bugs in the past that made it unusable.
PhishMe is fairly simple to use with pre-defined tests. Baselines allow for simple measures against other companies in addition to checking improvement. The tests provided are similar to phishing attacks that are common. Tests can be customized. When a test is failed, an opportunity for immediate short training is provided (5 min).
Read this authenticated review

What is Cofense PhishMe?

Cofense PhishMe™ is the flagship behavior conditioning, phishing awareness platform from Cofense™ which the vendor states is trusted by over 2500 enterprise customers across all verticals. Using simulated phishing emails, Cofense PhishMe conditions users to identify and report email-based threats that bypass secure email gateways and land in user inboxes. Cofense PhishMe uses experiential learning at the point of failure to reinforce positive security awareness behavior.

A phishing simulation program must reflect the real threat landscape. Cofense boasts a unique perspective on the threat landscape, with insights into threat actors & campaigns in the wild, together with unrivalled visibility of phishing threats that bypass existing security controls to reach the recipient inbox. Leveraging this perspective, Cofense PhishMe operationalizes real, active threats into realistic phishing scenarios to ensure program relevance. The vendor describes Cofense PhishMe as using intelligent automation, advanced algorithms, and embedded best practices to increase user engagement and reduce program planning, management, and execution overhead. Cofense PhishMe’s education library includes content created by its content team, as well as from 3rd party content vendors.

Cofense PhishMe has been rated as a leader in the Gartner Magic Quadrant for Security Awareness CBT Solutions and a Gartner peer insights Customer’ Choice security awareness vendor 2 years in a row.

Cofense PhishMe Features

Has featureReal Threat & Secure Email Gateway Miss Templates – increase relevance of programs by simulating real threats observed to bypass common Secure Email Gateways
Has featureResponsive Delivery – increase program engagement and eliminate global scheduling challenges by delivering simulation emails only when users are active in their mailbox
Has featureSmart Suggest – advanced algorithms and embedded best practice provide program guidance based on industry relevance and program history.
Has featureRecipient Sync - automates syncing of recipients from Azure Active Directory to PhishMe. Utilize Recipient Sync and Dynamic Groups for fully automated group management.
Has featureAutomated Playbooks – automate execution of a 12-month simulation program with just a few clicks.
Has featureComprehensive education catalog including content from leading third-party providers including NINJIO and AwareGo.
Has featureBoard Reports – executive level insight into program performance and changes in resiliency to phishing.

Cofense PhishMe Screenshots

Cofense PhishMe Video

Cofense PhishMe Responsive Delivery – increase program engagement, reduce whitelisting and eliminate global scheduling challenges by delivering simulation emails only when users are active in their inbox.

Cofense PhishMe Downloadables

Cofense PhishMe Integrations

Exchange and Office365 for Responsive Delivery capabilities., Azure Active Directory for Recipient Sync capabilities., PhishMe API automatically sends simulation results to a designated location for further analysis., All scenario results and data can be exported as .xls or .csv files for offline analysis or upload to dashboard and data analytics software., Report templates for Microsoft PowerBI are provided for PhishMe customers.

Cofense PhishMe Competitors

KnowBe4 Security Awareness Training, Proofpoint/Wombat, Ironscales

Cofense PhishMe Pricing

  • Has featureFree Trial Available?Yes
  • Does not have featureFree or Freemium Version Available?No
  • Has featurePremium Consulting/Integration Services Available?Yes
  • Entry-level set up fee?No

Cofense PhishMe Customer Size Distribution

Small Businesses (1-50 employees)
Mid-Size Companies (51-500 employees)
Enterprises (> 500 employees)

Cofense PhishMe Support Options

 Paid Version
Live Chat
Video Tutorials / Webinar

Cofense PhishMe Technical Details

Deployment Types:SaaS
Operating Systems: Unspecified
Mobile Application:No
Supported Countries:Global
Supported Languages: English - American, English – British, English – Australian, Afrikaans, Arabic, Chinese – Simplified, Chinese – Traditional, Czech, Danish, Dutch, Finnish, French, French – Canadian, German, Greek, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Spanish – Latin American, Swedish, and Turkish