Cofense PhishMe


Recent Reviews

TrustRadius Insights

Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their …



What is Cofense PhishMe?

Cofense PhishMe is a cyber threat and phishing simulator intended for training employees to be wary of threats and for gathering information about general employee threat knowledge and preparedness. A free trial is available for small businesses.

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is KnowBe4 Security Awareness Training?

KnowBe4 is a security awareness training and simulated phishing platform used by more than 65,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO…

What is CyberHoot?

CyberHoot is presented as a simple, fast and effective employee Security Training Platform from the company of the same name headquartered in Portsmouth. The platform includes 700+ Training Videos, 25+ Policy Templates, and Phish Testing.


Product Details

What is Cofense PhishMe?

Cofense PhishMe™ is the flagship behavior conditioning, phishing awareness platform from Cofense™ which the vendor states is trusted by over 2500 enterprise customers across all verticals. Using simulated phishing emails, Cofense PhishMe conditions users to identify and report email-based threats that bypass secure email gateways and land in user inboxes. Cofense PhishMe uses experiential learning at the point of failure to reinforce positive security awareness behavior.

A phishing simulation program must reflect the real threat landscape. Cofense boasts a unique perspective on the threat landscape, with insights into threat actors & campaigns in the wild, together with unrivalled visibility of phishing threats that bypass existing security controls to reach the recipient inbox. Leveraging this perspective, Cofense PhishMe operationalizes real, active threats into realistic phishing scenarios to ensure program relevance. The vendor describes Cofense PhishMe as using intelligent automation, advanced algorithms, and embedded best practices to increase user engagement and reduce program planning, management, and execution overhead. Cofense PhishMe’s education library includes content created by its content team, as well as from 3rd party content vendors.

Cofense PhishMe has been rated as a leader in the Gartner Magic Quadrant for Security Awareness CBT Solutions and a Gartner Peer Insights Customers’ Choice security awareness vendor 2 years in a row.

Cofense PhishMe Features

  • Supported: Real Threat & Secure Email Gateway Miss Templates – increase relevance of programs by simulating real threats observed to bypass common Secure Email Gateways
  • Supported: Responsive Delivery – increase program engagement and eliminate global scheduling challenges by delivering simulation emails only when users are active in their mailbox
  • Supported: Smart Suggest – advanced algorithms and embedded best practice provide program guidance based on industry relevance and program history.
  • Supported: Recipient Sync - automates syncing of recipients from Azure Active Directory to PhishMe. Utilize Recipient Sync and Dynamic Groups for fully automated group management.
  • Supported: Automated Playbooks – automate execution of a 12-month simulation program with just a few clicks.
  • Supported: Comprehensive education catalog including content from leading third-party providers including NINJIO and AwareGo.
  • Supported: Board Reports – executive level insight into program performance and changes in resiliency to phishing.

Cofense PhishMe Screenshots

  • Screenshot of Image 1 – Board of Directors (BOD) report showcasing results of your phishing defense program
  • Screenshot of Image 2 – Create New Scenario Page
  • Screenshot of Image 3 – Intelligent Program Automation using Playbooks
  • Screenshot of Image 4 – Organizational Suspicious Email Reporting Statistics
  • Screenshot of Image 5 – Phishing Scam Announcement Templates

Cofense PhishMe Video

Cofense PhishMe Responsive Delivery – increase program engagement, reduce whitelisting and eliminate global scheduling challenges by delivering simulation emails only when users are active in their inbox.

Cofense PhishMe Technical Details

  • Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Unspecified
  • Mobile Application: No
  • Supported Countries: Global
  • Supported Languages: English – American, English – British, English – Australian, Afrikaans, Arabic, Chinese – Simplified, Chinese – Traditional, Czech, Danish, Dutch, Finnish, French, French – Canadian, German, Greek, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Spanish – Latin American, Swedish, and Turkish

Frequently Asked Questions

KnowBe4 Security Awareness Training is a common alternative to Cofense PhishMe.

Reviewers rate Role-based user permissions highest, with a score of 8.1.

The most common users of Cofense PhishMe are from Enterprises (1,001+ employees).

Cofense PhishMe Customer Size Distribution

  • Small Businesses (1-50 employees): 4%
  • Mid-Size Companies (51-500 employees): 35%
  • Enterprises (more than 500 employees): 61%

Reviews and Ratings


Score 10 out of 10
Vetted Review
Verified User
We basically use it to analyse and check if any mails reported by the users are phishing mails. Well, it helps us to identify any mails that might have been missed by the email services. Also, we love the quick and easy response and reaction we can take once we identify a phish.
  • Playbooks
  • Rules matching
  • Risk Score
  • IOC Matching
  • Custom Triggers
  • Custom Reports
Flexibility to tackle all the phishing aspects of the company.
Score 9 out of 10
Vetted Review
Verified User
We give each user the ability to report any email they deem suspicious, which then gets reviewed by a team within cybersecurity. The overall depth and information provided by Cofense has significantly increased our odds of detecting a malicious threat actor. It has also freed up a lot more time for the cyber team to work on other projects!
  • Gives a plethora of data
  • Automation
  • Metrics
  • The ability to change templates on the fly. Not all emails fit a certain template and I would like to not have to reach out to a user separately but instead be able through Cofense.
It is one of the more commonly used tools within our stack. Gives users peace of mind that they can send suspicious emails to those that have a bit more training in what to look for.
Score 9 out of 10
Vetted Review
Verified User
We are an MSSP for Cofense PhishMe, and offer it as a managed service to our clients. We aim to solve our clients' problems of poor phishing awareness and training, by offering this as a service. We run phishing simulations monthly using the platform and use the statistics it provides to create a monthly report to inform our clients about their success with training their users. Our simulations can be simple using the base templates, but we also offer customized scenarios, which use the PhishMe service to customize the details of a template and schedule and deploy the simulation to the client.
  • Customisation
  • Detailed whitelisting instructions
  • Flexible scheduling options
  • Good customer support
  • Detailed and accurate statistics
  • Cofense PhishMe could recommend current trends as templates
  • There could be options to have multiple clients on one account for a basic shared service for clients who want a cheaper option
  • A clearer dashboard that displays the statistics per scenario, and gives numbers of clicks/reports as well as the percentage, as the clients often want numbers as well as percentages
Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.
Score 9 out of 10
Vetted Review
Verified User
We are using Cofense frequently to report phishing mail. It is addressing resolving reporting issues before the user reporting is very difficult and it will take time; now, it is easy to report and find the malware, but it is very time-consuming. Cofense is very helpful for auto categorizations, so it will save lots of time.
  • Creating the Rule for known emails.
  • Sending notification is very useful to forward the request to SOC team for analyzing.
  • Running playbook is very useful and easy to resolve the issue.
  • In the matches we need more details.
  • Creating rules is very difficult.
  • YARA rules are not understandable.
The Cofense PhishMe is well suited in all the scenarios for reporting from the end-user side. It is much easier to report to INFOSEC from the end user. In a small environment or that doesn't have owned domain, in this case, it is less appropriate to use the PhishMe. Otherwise, all the places the Cofense will support.
Score 8 out of 10
Vetted Review
Verified User
[Cofense] PhishMe is being used by our department in an organization-wide effort to combat our #1 Attack Vector. [Cofense] PhishMe is able to address the queue and automation of submitted emails from our users. [Cofense] PhishMe also addresses the necessary information needed from emails submitted by parsing accurate and relevant information in our analysts' view.
  • Recipe and rule matching [...] enables an advanced method to target, filter, and take quicker action on suspicious emails.
  • Clustering similar events [...] organize and save time on MTTD and MTTR for incidents and intervention.
  • Parsing critical information such as IPs, Email addresses, and URLs to help aggregate all the information into 1 single pane.
  • Email and HTML preview allow ease of visibility without having to download or find/fetch the original content.
  • Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
  • Adjustable widgets for reporting, although the provided are already built very well.
  • Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.
Attackers targeting organizations require users to reach out or speak up. When a user is able to easily report via [Cofense] PhishMe, an analyst has all the information they need from the submission to take action in their organization in seconds. Phishing scenario targeting HVTs easily is visible in the tool, mitigating future emails are easily done by correlating information collected. Also, when attachments such as dropper malware are included, it is easily identifiable by the information parsed, and the attachments are available for sandbox detonation or static/dynamic analysis. Original content is preserved and cuts down on time to take action on submitted phishing attacks.
December 13, 2021

Cofense PhishMe - Review

Score 8 out of 10
Vetted Review
Verified User
Amazing product for processing the reported phishing emails. Threat intelligence from Cofense PhishMe is very useful, and they have a [wide variety] of simulation templates.
  • Process reported phishing emails
  • Threat Intelligence
  • Phishing Simulation
  • AI in Cofense PhishMe protect
  • Future products
  • Integrations with other technologies
Best for processing reported phishing emails.
Score 9 out of 10
Vetted Review
Verified User
Cofense PhishMe is an all-in-one solution for increasing Mail Security Awareness in the organisation. We use it to simulate phishing campaigns across different verticals in the organisation and calculate the susceptibility rate of the users to make them more aware of the indicators of compromise in phishing emails.
  • Phishing Campaigns
  • Historical Graphs for Phishing Campaigns
  • Security Awareness Banners
  • A better UI for which Cofense PhishMe is already working
  • More region specific domains for phishing Campaigns
  • More region specific scenarios for Phishing Campaigns
It's a very apt tool for the scenario where there are multiple users and verticals in an organisation. Phishing Campaigns and recording their response actions is quite easier through this tool. Not suitable for a small organization (less than 500) that can maybe use some open tools or self-made emails for campaigns.
Score 9 out of 10
Vetted Review
Verified User
[Cofense PhishMe] is used at Express for security awareness, security education, and protection of the organization from bad actors that are persistent and relentless in the pursuit of attacking the organization from the storefront, back office, and the C-suite.
  • Education
  • Filtering known bad.
  • Responding to the reporter.
  • Threat Intel API feeds.
  • Sandbox
  • User generated reporting.
[Cofense] PhishMe is well suited for [medium] to large organizations with [a] dedicated analyst that [is] continually working the findings, building new phishing campaigns and removing malicious emails from the end users' mailboxes.
It is less appropriate for SMBs that have limited resources to manage the day to day usage of the product.
Score 8 out of 10
Vetted Review
Verified User
Cofense PhishMe is being used across the entire organization. Users use the Report Phish button in Outlook to report suspicious emails, then the Cofense PhishMe triage server responds back letting the user know if the email is safe or malicious. It helps the business prevent phishing attacks and account compromises.
  • Quick response from triage.
  • Simple and easy to use.
  • Accurate
  • More automation.
  • Ability to work in non-Outlook apps.
Cofense PhishMe is a great tool for security awareness and for preventing phishing attacks. It allows users to report suspicious emails before they click them themselves.
Score 8 out of 10
Vetted Review
Verified User
We are using the Cofense PhishMe solution to send phishing scenarios and we are getting great results and great views in the console. The platform is easy to use and has a lot of resources. We are also using targeted scenarios from the module. Also, the LMS module provides great value to organizations as they have generalized security modules and also have gamification modules for security awareness programs. The platform is user-friendly and does not require training to use the platform. I was able to use it without any prior training. I am able to perform all phishing scenarios from the user-friendly console.
  • Learning
  • Phishing scenarios
  • Awareness letters
  • New content
  • Innovative
  • Resources for training
It's well suited for any type of organization. They have content from different languages and different categories. So if you need your company to send targeted phishing scenarios to Spanish users, then they have templates in that language too. Also, we can use templates to target different departments. We are using different templates to target new hires, oversee people, and so on.
Alexander Bagrov | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
In the past, we were using it only on a quarterly basis as a benchmark type of activity. Nowadays, we are offering Phishing Simulation as a service to our departments and we are slowly getting to 1 big Q exercise (250k people) and 3-4 monthly ones (anywhere from 50 to 5k users).
  • Friendly UX.
  • Huge selection of phishes.
  • Ability to customize.
  • Web version support - sometimes it's too laggy.
  • Upload/download rate for results and recipient lists.
I am one of the Phishing Simulation ambassadors and I am eager to talk to those who listen. This tool is great at educating people and changing their behavior - although, in some parts, it still uses terminology that incites some senior leaders to use punitive methods (like repeat clickers, etc).
August 15, 2021

PhishMe for Analyst

Score 10 out of 10
Vetted Review
Verified User
We use Cofense PhishMe for capturing the user-reported phish emails. The console is used in a Security Operations Center environment for 24x7x365. Basically, the information security team handles the administration and reported the email triaging part. The Cofense PhishMe plugin is installed on the email client of all the users so that they can report a suspicious email directly from their email client.

We triage the suspicious/malicious reported emails thereby using the different fields it provides like headers, body, URLs, and attachments section. We write custom YARA rules for easy automation.

It addresses the main concern that emails have become a major vector for malicious attacks and making user awareness and after that catching the bad guys we need assistance from a Cofense PhishMe like tool.
  • It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
  • The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
  • For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
  • The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
  • Need to add more OSINT APIs to check the reputation of embedded URLs and the hash of attached files.
  • "Screen Capture" of the embedded URL links [after clicking on the embedded URL where the URL takes the user] will be really helpful for triaging basic credential harvesting attack scenarios.
  • Integration of ProofPoint email gateway to PhishMe triage will help us determine the number of email flow from a suspicious sender. This will reduce the requirement of opening another console just to check the number of emails from a particular sender.
Well Suited:
  • Large to small-scale organizations with a dedicated information security team.
  • The admin team will get acquainted with the organization's email trends, user behaviors, false Positive scenarios, and real attack concerns.

Less Appropriate:
  • Service provider companies handling multiple clients.
  • There is no approach for client segregation in PhishMe so this may create some kind of confusion when triaging multiple different organizational client's reported emails on a single pane.
Score 9 out of 10
Vetted Review
Verified User
We are utilizing Cofense PhishMe to provide phishing campaigns to all employees quarterly and targeted groups monthly. It addresses education needs for employees to recognize phishing emails and utilize the reporter button to send emails to Triage.
  • Easy to Navigate GUI - easy to create and run scenarios
  • In depth reporting - Ability to provide detailed reports by department, title, etc. for follow-up training
  • Adoption of new technology - new additions such as Responsive Delivery and Recipient Sync allow less overhead for running scenarios
  • Introduction of new templates - new templates being introduced all the time to keep up with currently seen campaigns
  • Completely switching to the new UI - Most is redesigned, but some old elements remain
  • Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
  • Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves
  • Provides an easy to use platform for running campaigns to employees
  • Includes ability to deploy Reporter - Outlook plugin for employees to report suspicious emails for validation
  • In depth reporting and ability to track all aspects of campaign and answers
  • Provides LMS content and CBT Modules
Great to supplement other trainings or LMS. But in my opinion cannot stand on its own.

Score 8 out of 10
Vetted Review
Verified User
Cofense products help us manage various malicious and phishing emails. It lets our users, the last line of defense, identify any malevolent emails that might have glided past our email filters and enables them to report it to Cofense, who, in turn, perform analysis to provide us with the outlook of my organization's email threat landscape.
  • Email analysis
  • Simulation of phishing emails
  • User awareness
  • Visibility on how the IOC contribution from my orgn. is being used across the ecosystem.
  • The simulation portal feels outdated.
  • The reporting part could be better.
In conducting simulation-related activities, Cofense performs a very good job. Their support system to run the activity from planning to translating the content to local languages and the actual execution was quite good. These simulation exercises have been helpful in raising and maintaining awareness against phishing across our staff. The results also provide us with an insight into the "risky" behavior of certain staff who could be guided accordingly.
Score 10 out of 10
Vetted Review
Verified User
[Cofense PhishMe is used for] phishing simulations (both global and spear phishing) [and] training (CBT and other)[.]
  • Phishing templates: variety and customization
  • Multi-language training
  • Personal support
  • More specific training CBT modules by function, e.g. legal/finance/sales/software development
  • Well suited: Seamless integration into our in-house training platform
  • Well suited: Templates for phishing simulations - in particular by geographic region
  • Less appropriate: specific training for software developers/programmers
Score 10 out of 10
Vetted Review
Verified User
We use Cofense PhishMe enterprise wide. We use it for security awareness and education. Monthly phishing simulation tests are done to help our users understand and identify phishing emails. We also use the metrics from these tests extensively to target areas that may require additional education. Targeted phishing simulations are done as well.
  • Updated templates for phishing exercises
  • Great customer service and support
  • Great scenario summary reports
  • Nice interface /dashboard on web site.
  • Self service to download PDFs for education material
  • Would like to see more Awareness newsletters
  • Self service customization of training materials.
Cofense PhishMe is well suited for any environment. Works well on a large scale as we send simulations to over 50,000 users each month. Also, on a smaller scale we send phishing simulations to targeted groups or to our users who click and fail tests often. Also extensive metrics available.
Score 5 out of 10
Vetted Review
Verified User
We use [Cofense] PhishMe to run global phishing simulation exercises across the organization. The simulations enable us to assess how well staff identify and report malicious emails. The platform also provides reporting and analytics, as well as a channel to engage staff with education and direct communication.
  • We have an outstanding account manager
  • The industry benchmarking and use of scenarios pulled from successful real world attacks helps to increase the validity of the phishing simulation programme.
  • Running simulations with the support of the team is straightforward.
  • UX
  • Reporting and analytics - develop user dashboards and profiles
  • Interactive training and development
We are using [Cofense] PhishMe as we have several other Cofense products in our environment, so it's simpler to manage one vendor.
PhishMe would be great for smaller organizations with simpler system architecture and rules.

We're currently working with PhishMe to develop better user pathways and a smoother user experience, particularly in relation to automating user feedback and enhancing the education streams.
Score 9 out of 10
Vetted Review
Verified User
We are using PhishMe as a phishing simulator to help train our users on how to detect and report phishing scams/emails. We are seeing more and more audits from potential clients as well as partners that ask if we conduct phishing campaigns against our own users. Using PhishMe allows us to check this box.
  • Setting up campaigns is easy.
  • There are lots of examples that can be built from.
  • The training if a user falls for the phishing is well thought out and presented.
  • Account management could be done better. Removing users is a good example.
We find that doing our phishing emails a couple of times a year works best and makes sure our users don't get too used to the campaigns. In the past, we used computer based training materials that came for free with our subscription. This was a nice add on and worked well with our LMS systems built on top of SharePoint.
Score 10 out of 10
Vetted Review
Verified User
We use it across the entire organization. It helps people better understand their susceptibility. Everyone knows that phishing is bad and we shouldn't click on bad links, yet it still happens. No amount of annual awareness training will change that. Cofense PhishMe lets people know as soon as they fell for one that they too are susceptible.
  • Raw material - no need to go hunt out scenarios. There are plenty to choose from.
  • Software interface makes it easy to organize a campaign.
  • Reporting - it's easy to spot repeat offenders for additional phishing or individualized training.
  • We like to pass each campaign by a couple of people. While I can send a test to someone, a simple workflow approval would be nice.
  • You could automate user cleanup of inactive accounts a little better.
It works well for any company that wants to be able to measure and subsequently reduce phishing susceptibility rates. It's more suitable at places where users have a ton of free rein, like college professors, medical doctors, or high paid consultants. In locked down places with very little user autonomy, such as a bank, it might not be as helpful.
Score 10 out of 10
Vetted Review
Verified User
We use Cofense PhishMe globally across the whole organization of approx. 60k users. It is part of our security awareness program and through simulated phishing emails provides experiential learning to users. Through practice, they get better at spotting a suspicious email. We also use the Cofense Phishing Reporter button that gives a user a one-click way to report a suspicious email.
  • Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
  • Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
  • Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
  • Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
  • Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification email or Office365 look-alikes, but not truly impersonating real-world companies thus being less misleading.
  • Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
Cofense PhishMe sure is a good solution for a global company. For a smaller locally-operated company, you may do well with an internal solution to send simulated emails and collect user feedback, but you'll have to operate it, maintain it, come up with email designs, etc. Cofense already has plenty of emails available and in multiple languages, which saves a lot of time. You can also use their benchmarks to compare to their customer base or your industry as well as information (knowledge and experience) they have from other customers.
Score 10 out of 10
Vetted Review
Verified User
Practical training awareness becomes very important to prevent potential harm and our employees need to be able to recognize the phishing attempt. So, we use Cofense PhishMe phishing awareness program for its effectiveness, efficiency, and reporting. The functionality of Cofense PhishMe immediate feedback when a user clicks a phishing link with in-depth reporting capabilities helps us to use behavior analyzing and take immediate action. The Cofense PhishMe templates (including different languages) to customize the educational campaign are very useful.
  • Wide range of templates, which are always updated and addressing threats organizations face today.
  • Security teams use the information from Phish Reporter to implement countermeasures.
  • Providing training materials that help to educate employees
  • To provide a more convenient way to modify/change mail addresses
If necessary, Cofense PhishMe allows you to quickly and accurately prepare training material.
In proposed templates different languages can be used.
Score 10 out of 10
Vetted Review
Verified User
We use Cofense for our ongoing phishing awareness campaigns; it's a great tool to run the program. We used to run manual campaigns previously, but doing it so manually makes it fairly complicated to run reports and maintain a dashboard. Cofense is used across the organization, including the whole workforce.
  • Scheduling campaigns
  • User list management.
  • Variety of templates.
  • Community portal.
  • Board report is not automated.
It's a good fit for any organization, all market sectors, and sizes.
Score 9 out of 10
Vetted Review
Verified User
Our company is using Cofense PhishMe across the entire organization as part of a larger security awareness program that has been designed to give end users the tools and knowledge to recognize clear and present dangers. The email inbox is one of the easiest vectors that an external actor can access as email addresses are typically published in multiple places online. Cofense PhishMe is being used to address the real world problem of users not recognizing legitimate vs. fake or malicious email.
  • PhishMe scenarios are based on real-world examples of malicious email reported through one of their other product offerings: Phishing Defense Center (PDC)
  • Scenarios have the ability to be easily customized and changed to suit the needs of your own organization to make them more relevant. This increases the chance of a click or attachment opening providing a teachable moment with more users.
  • Console is easy to navigate and use for all levels of technical ability. Not everyone on our team is technically inclined, however, the interface is easy to understand and obtain information from allowing everyone who uses it to be comfortable.
  • Reporting capabilities from completed scenarios are quite good as long as you provide the detail on users during initial import or sync.
  • There is only the ability to run one Playbook at a time. For larger enterprises that may have more than one organization they wish to target in different ways, this is a limitation that requires some clever workarounds.
  • Despite the efforts of reporting and statistics to remove false clicks and multiple clicks from the same users, there are several times we have had to analyze raw data exports in Excel to verify (and correct) our final metrics for scenarios. Not a deal-breaker; however, it does require a time investment.
  • Adding/removing users to the PhishMe instance requires a ticket to be submitted to Support. There is no method in the instance for us to do this at our company.
In our case, the major selling point and the previous gap we had with another competing product was how phishing email was being delivered to end-users. Previous to Cofense PhishMe, when a scenario would begin, there would be thousands of emails sent in a very short period of time that would put our IT support staff into DEFCON 1 with red lights flashing and alarm bells ringing. The email chains would soon follow and the results of the campaign would be unreliable. Cofense PhishMe has a feature called "Responsive Delivery" that gives us the ability to deliver emails in a more natural way as users log in and interact with their inboxes; emails are queued until the user is active and online, then the phish is delivered. This feature allows for a more organic delivery of email to the population.

We have yet to find a scenario where Cofense PhishMe is less appropriate since we only have our previous solution to compare it to.
Score 10 out of 10
Vetted Review
Verified User
Cofense PhishMe is a great product that allows us to safely phish our employees to ensure we test and train all associates. Cofense's phishing templates are easy to use and are up to date with real life issues that businesses are facing attacks from. The training options at the end of the phishing message really help the user understand why they failed the test and to learn from it. Our phishing results have been great and have lowered the longer we continue to use the product.
  • Easy to manage templates
  • Up to date information with real world examples
  • Inexpensive
  • Attachments are doc, xls, and ppt only, no newer formats
  • Embedded pictures require download that is not online
  • Repeat user report needs filtering options
Cofense PhishMe is aimed at businesses where you want to ensure your users know about phishing and have metrics and training to back that up. Environments with strong email rules preventing external email or where the Cofense admin does not have email control will be an issue with keywords or whitelisting.
January 29, 2020

Cofense PhishMe Review

Score 8 out of 10
Vetted Review
Verified User
We utilize PhishMe to perform phishing scenarios within our organization in order to increase phishing awareness and education. It's currently being utilized by our information security team. PhishMe helps show the regulators that we are continually training our end users.
  • Relevant/current phishing scenarios.
  • Great educational awareness.
  • Does not integrate with Active Directory. You either have to upload a spreadsheet of users or utilize their recipient generator. Would be nice to have an API with AD.
  • Doesn't allow us to spoof legitimate companies. The bad actors do this and other phishing platforms allow this as well. Cofense is legally scared to allow spoofing.
PhishMe is great at generating some relevant phishing scenarios. Every scenario comes with an educational piece if the user falls victim. This can be completely customized to suit your needs.