TrustRadius Insights
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their …
Overview
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Pricing
N/A
Unavailable
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://cofense.com/pricing
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
34 people also want pricing
Alternatives Pricing
What is KnowBe4 Security Awareness Training?
KnowBe4 is a security awareness training and simulated phishing platform used by more than 65,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO…
What is CyberHoot?
CyberHoot is presented as a simple, fast and effective employee Security Training Platform from the company of the same name headquartered in Portsmouth. The platform includes 700+ Training Videos, 25+ Policy Templates, and Phish Testing.
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Cofense PhishMe?
Cofense PhishMe™ is the flagship behavior conditioning, phishing awareness platform from Cofense™ which the vendor states is trusted by over 2500 enterprise customers across all verticals. Using simulated phishing emails, Cofense PhishMe conditions users to identify and report email-based threats that bypass secure email gateways and land in user inboxes. Cofense PhishMe uses experiential learning at the point of failure to reinforce positive security awareness behavior.
A phishing simulation program must reflect the real threat landscape. Cofense boasts a unique perspective on the threat landscape, with insights into threat actors & campaigns in the wild, together with unrivalled visibility of phishing threats that bypass existing security controls to reach the recipient inbox. Leveraging this perspective, Cofense PhishMe operationalizes real, active threats into realistic phishing scenarios to ensure program relevance. The vendor describes Cofense PhishMe as using intelligent automation, advanced algorithms, and embedded best practices to increase user engagement and reduce program planning, management, and execution overhead. Cofense PhishMe’s education library includes content created by its content team, as well as from 3rd party content vendors.
Cofense PhishMe has been rated as a leader in the Gartner Magic Quadrant for Security Awareness CBT Solutions and a Gartner peer insights Customer’ Choice security awareness vendor 2 years in a row.
Cofense PhishMe Features
- Supported: Real Threat & Secure Email Gateway Miss Templates – increase relevance of programs by simulating real threats observed to bypass common Secure Email Gateways
- Supported: Responsive Delivery – increase program engagement and eliminate global scheduling challenges by delivering simulation emails only when users are active in their mailbox
- Supported: Smart Suggest – advanced algorithms and embedded best practice provide program guidance based on industry relevance and program history.
- Supported: Recipient Sync - automates syncing of recipients from Azure Active Directory to PhishMe. Utilize Recipient Sync and Dynamic Groups for fully automated group management.
- Supported: Automated Playbooks – automate execution of a 12-month simulation program with just a few clicks.
- Supported: Comprehensive education catalog including content from leading third-party providers including NINJIO and AwareGo.
- Supported: Board Reports – executive level insight into program performance and changes in resiliency to phishing.
Cofense PhishMe Screenshots
Cofense PhishMe Video
Cofense PhishMe Responsive Delivery – increase program engagement, reduce whitelisting and eliminate global scheduling challenges by delivering simulation emails only when users are active in their inbox.
Cofense PhishMe Competitors
- KnowBe4 Security Awareness Training
- Proofpoint/Wombat
- Ironscales
Cofense PhishMe Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
| Supported Languages | English - American, English – British, English – Australian, Afrikaans, Arabic, Chinese – Simplified, Chinese – Traditional, Czech, Danish, Dutch, Finnish, French, French – Canadian, German, Greek, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Spanish – Latin American, Swedish, and Turkish |
Cofense PhishMe Downloadables
Frequently Asked Questions
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
KnowBe4 Security Awareness Training are common alternatives for Cofense PhishMe.
Reviewers rate Role-based user permissions highest, with a score of 8.1.
The most common users of Cofense PhishMe are from Enterprises (1,001+ employees).
Cofense PhishMe Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 4% |
| Mid-Size Companies (51-500 employees) | 35% |
| Enterprises (more than 500 employees) | 61% |
Comparisons
Compare with
Reviews and Ratings
(49)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their cybersecurity. Users report suspicious emails directly from their email client using the Cofense PhishMe plugin, streamlining the process of identifying potential threats. The information security team then triages and analyzes the reported emails, leveraging the different fields provided by Cofense PhishMe to efficiently categorize and prioritize them for further investigation.
One key use case of Cofense PhishMe is its ability to simulate phishing scenarios, providing valuable insights into users' susceptibility to such attacks. This helps organizations better understand their employees' level of awareness and readiness in recognizing and reporting phishing scams or malicious emails. The platform offers a user-friendly interface that does not require extensive training, making it accessible to users across the organization.
Additionally, Cofense PhishMe helps track phishing attempts and enables users to easily report suspicious emails for further action. By automating the categorization of reported emails, the platform saves time and streamlines the analysis process. It also provides statistics that inform clients about the success of their user training efforts, empowering organizations to continually improve mail security awareness.
Furthermore, Cofense PhishMe plays a vital role in increasing users' recognition of legitimate versus fake or malicious emails. Through experiential learning and continuous training, it educates employees on how to detect phishing emails and utilize built-in reporter tools for effective triage. The platform is part of a comprehensive security awareness program that helps organizations demonstrate their commitment to protecting sensitive information and complying with regulatory requirements.
Overall, Cofense PhishMe is widely used by organizations seeking to enhance their email security defenses by empowering employees to proactively identify and report potential phishing threats. It provides automation, valuable insights, and user-friendly features that contribute to creating a more resilient cybersecurity posture.
User-Friendly Interface: Many users have praised the product for its friendly and intuitive user interface, making it easy to navigate and organize campaigns. It has been described as intuitive and has saved users time by allowing them to report phishing attempts with just a click of a button.
Customizability: The ability to customize the product has been highly valued by users. They appreciate the flexibility in creating automation rules and recipes to handle a large flow of reports. Users also mentioned that the product offers detailed whitelisting instructions and a wide variety of customizable templates.
Excellent Customer Support: Users have consistently praised the customer support provided by the company. They found the support to be great, with an outstanding account manager. Assigned professionals advising and suggesting the best approach for their user base was also appreciated. The availability of multilingual support was mentioned as a positive aspect for global companies.
Laggy Performance: Some users have reported experiencing significant laggy performance with the web version support, resulting in frustratingly slow upload and download rates for results and recipient lists. This issue has hindered their workflow efficiency and affected their overall experience with the software.
Limited Account Management: Users have expressed frustration with the limited capabilities of account management within the software. They feel that it could be improved by offering more automated features, such as user cleanup for inactive accounts. The current manual process is time-consuming and inconvenient for administrators.
Lack of Training Resources: Many users have voiced concerns about the lack of innovative training resources available in the software. They would like to see more options for customization, allowing them to tailor training materials to their specific needs. Additionally, users suggest that Cofense PhishMe should provide templates based on current trends in phishing attacks to enhance the effectiveness of their training programs and keep up with evolving threats in cybersecurity.
Attribute Ratings
Reviews
(1-18 of 18)Companies can't remove reviews or game the system. Here's why
December 15, 2022
Cofense PhishMe? You reeled me in!
We give each user the ability to report any email they deem suspicious, which then gets reviewed by a team within cybersecurity. The overall depth and information provided by Cofense has significantly increased our odds of detecting a malicious threat actor. It has also freed up a lot more time for the cyber team to work on other projects!
- Gives a plethora of data
- Automation
- Metrics
- The ability to change templates on the fly. Not all emails fit a certain template and I would like to not have to reach out to a user separately but instead be able through Cofense.
October 07, 2022
Cofense PhishMe from an MSSP view
We are an MSSP for Cofense PhishMe, and offer it as a managed service to our clients. We aim to solve our client's problems of poor phishing awareness and training, by offering this as a service. We run phishing simulations monthly using the platform and use the statistics it provides to create a monthly report to inform our clients about their success with training their users. Our simulations can be simple using the base templates, but we also offer customized scenarios, which use the PhishMe service to customize the details of a template and schedule and deploy the simulation to the client.
- Customisation
- Detailed whitelisting instructions
- Flexible scheduling options
- Good customer support
- Detailed and accurate statistics
- Cofense PhishMe could recommend current trends as templates
- There could be options to have multiple clients on one accounting for a basic shared service for clients who want a cheaper option
- A clearer dashboard that displays the statistics per scenario, and gives numbers of clicks/reports as well as the percentage, as the clients often want numbers as well as percentages
August 09, 2022
The Most Comprehensive phishing system in the world.
We are using Cofense frequently to report phishing mail. It is addressing resolving reporting issues before the user reporting is very difficult and it will take time; now, it is easy to report and find the malware, but it is very time-consuming. Cofense is very helpful for auto categorizations, so it will save lots of time.
- Creating the Rule for know emails.
- Sending notification is very useful to forward the request to SOC team for analyzing.
- Running play book is very useful and easy to resolve the issue.
- In the matches we need more details.
- Creating rules is very difficult.
- YARA rules are not understandable.
December 27, 2021
Cofense PhishMe Review: Gone Phishing!
[Cofense] PhishMe is being used by our department in an organization-wide effort to combat our #1 Attack Vector. [Cofense] PhishMe is able to address the queue and automation of submitted emails from our users. [Cofense] PhishMe also address the necessary information needed from emails submitted by parsing accurate and relevant information in our analysts' view.
- Recipe and rule matching [...] enables an advanced method to target, filter, and take quicker action on suspicious emails.
- Clustering similar events [...] organize and save time on MTTD and MTTr for incidents and intervention.
- Parsing critical information such as IPs, Email addresses, and URLs to help aggregate all the information into 1 single pane.
- Email and HTML preview allow ease of visibility without having to download or find/fetch the original content.
- Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
- Adjustable widgets for reporting, although the provided are already built very well.
- Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.
Cofense PhishMe is an all-in-one solution for increasing Mail Security Awareness in the organisation. We use it to simulate phishing campaigns across different verticals in the organisation and calculate the susceptibility rate of the users to make them more aware of the indicators of compromise in phishing emails.
- Phishing Campaigns
- Historical Graphs for Phishing Campaigns
- Security Awareness Banners
- A better UI for which Cofense PhishMe is already working
- More region specific domains for phishing Campaigns
- More region specific scenarios for Phishing Campaigns
August 26, 2021
Cofense [PhishMe] at a Glance
[Cofense PhishMe] is used at Express for security awareness, security education, and protection of the organization from bad actors that are persistent and relentless in the pursuit of attacking the organization from the storefront, back office, and the C-suite.
- Education
- Filtering know bad.
- Responding to the reporter.
- Threat Intel API feeds.
- Sandbox
- User generated reporting.
August 19, 2021
Product review: Cofense PhishMe
We are using the Cofense PhishMe solution to send phishing scenarios and we are getting great results and great views in the console. The platform is easy to use and has a lot of resources. We are also using targeted scenarios from the module. Also, the LMS module provides great value to organizations as they have generalized security modules and also have gamification modules for security awareness programs. The platform is user-friendly and does not require training to use the platform. I was able to use it without any prior training. I am able to perform all phishing scenarios from the user-friendly console.
- Learning
- Phishing scenerios
- Awareness letters
- New content
- Innovative
- Resources for training
August 18, 2021
Phishing simulation with a small team for a big company
In the past, we were using it only on a quarterly basis as a benchmark type of activity. Nowadays, we are offering Phishing Simulation as a service to our departments and we are slowly getting to 1 big Q exercise (250k people) and 3-4 monthly ones (anywhere from 50 to 5k users).
- Friendly UX.
- Huge selection of phishes.
- Ability to customize.
- Web version support - sometimes it's too laggy.
- Upload/download rate for results and recipient lists.
August 15, 2021
PhishMe for Analyst
We use Cofense PhishMe for capturing the user-reported phish emails. The console is used in a Security Operations Center environment for 24x7x365. Basically, the information security team handles the administration and reported the email triaging part. The Cofense PhishMe plugin is installed on the email client of all the users so that they can report a suspicious email directly from their email client.
We triage the suspicious/malicious reported emails thereby using the different fields it provides like headers, body, URLs, and attachments section. We write custom Yara rules for easy automation.
It addresses the main concern that emails have become a major vector for malicious attacks and making user awareness and after that catching the bad guys we need assistance from a Cofense PhishMe like tool.
We triage the suspicious/malicious reported emails thereby using the different fields it provides like headers, body, URLs, and attachments section. We write custom Yara rules for easy automation.
It addresses the main concern that emails have become a major vector for malicious attacks and making user awareness and after that catching the bad guys we need assistance from a Cofense PhishMe like tool.
- It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
- The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
- For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
- The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
- Need to add more OSINT APIs to check the reputation of embedded URLs and the hash of attached files.
- "Screen Capture" of the embedded URL links [after clicking on the embedded URL where the URL takes the user] will be really helpful for triaging basic credential harvesting attack scenarios.
- Integration of ProofPoint email gateway to Phishme triage will help us determine the number of email flow from a suspicious sender. This will reduce the requirement of opening another console just to check the number of emails from a particular sender.
August 12, 2021
Cofense review based on BAU usage
Cofense products help us manage various malicious and phishing emails. It lets our users, the last line of defense, identify any malevolent emails that might have glided past our email filters and enables them to report it to Cofense, who, in turn, perform analysis to provide us with the outlook of my organization's email threat landscape.
- Email analysis
- Simulation of phishing emails
- User awareness
- Visibility on how the IOC contribution from my orgn. is being used across the ecosystem.
- The simulation portal feels outdated.
- The reporting part could be better.
We use [Cofense] PhishMe to run global phishing simulation exercises across the organization. The simulations enable us to assess how well staff identify and report malicious emails. The platform also provides reporting and analytics, as well as a channel to engage staff with education and direct communication.
- We have an outstanding account manager
- The industry benchmarking and use of scenarios pulled from successful real world attacks helps to increase the validity of the phishing simulation programme.
- Running simulations with the support of the team is straightforward.
- UX
- Reporting and analytics - develop user dashboards and profiles
- Interactive training and development
February 04, 2021
Don't admire your phishing problem - fix it with PhishMe
We use it across the entire organization. It helps people better understand their susceptibility. Everyone knows that phishing is bad and we shouldn't click on bad links, yet it still happens. No amount of annual awareness training will change that. Cofense PhishMe lets people know as soon as they fell for one that they too are susceptible.
- Raw material - no need to go hunt out scenarios. There are plenty to choose from.
- Software interface makes it easy to organize a campaign.
- Reporting - it's easy to spot repeat offenders for additional phishing or individualized training.
- We like to pass each campaign by a couple of people. While I can send a test to someone, a simple workflow approval would be nice.
- You could automate user cleanup of inactive accounts a little better.
We use Cofense PhishMe globally across the whole organization of approx. 60k users. It is part of our security awareness program and through simulated phishing emails provides experiential learning to users. Through practice, they get better at spotting a suspicious email. We also use the Cofense Phishing Reporter button that gives a user a one-click way to report a suspicious email.
- Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
- Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
- Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
- Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
- Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification email or Office365 look-alikes, but not truly impersonating real-world companies thus being less misleading.
- Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
May 04, 2020
Cofense PhishMe Review
Practical training awareness becomes very important to prevent potential harm and our employees need to be able to recognize the phishing attempt. So, we use Cofense PhishMe phishing awareness program for its effectiveness, efficiency, and reporting. The functionality of Cofense PhishMe immediate feedback when a user clicks a phishing link with in-depth reporting capabilities helps us to use behavior analyzing and take immediate action. The Cofense PhishMe templates (including different languages) to customize the educational campaign are very useful.
- Wide range of templates, which are always updated and addressing threats organizations face today.
- Security teams use the information from Phish Reporter to implement countermeasures.
- Providing training materials that help to educate employees
- To provide a more convenient way to modify/change mail addresses
May 02, 2020
Cofense Phishing Awareness
We use Cofense for our ongoing phishing awareness campaigns; it's a great tool to run the program. We used to run manual campaigns previously, but doing it so manually makes it fairly complicated to run reports and maintain a dashboard. Cofense is used across the organization, including the whole workforce.
- Scheduling campaigns
- User list management.
- Variety of templates.
- Community portal.
- Board report is not automated.
May 01, 2020
Cofense PhishMe became our 'Catch of the Day'
Our company is using Cofense PhishMe across the entire organization as part of a larger security awareness program that has been designed to give end users the tools and knowledge to recognize clear and present dangers. The email inbox is one of the easiest vectors that an external actor can access as email addresses are typically published in multiple places online. Cofense PhishMe is being used to address the real world problem of users not recognizing legitimate vs. fake or malicious email.
- PhishMe scenarios are based on real-world examples of malicious email reported through one of their other product offerings; Phishing Defense Center (PDC)
- Scenarios have the ability to be easily customized and changed to suit the needs of your own organization to make them more relevant. This increases the chance of a click or attachment opening providing a teachable moment with more users.
- Console is easy to navigate and use for all levels of technical ability. Not everyone on our team is technically inclined, however, the interface is easy to understand and obtain information from allowing everyone who uses it to be comfortable.
- Reporting capabilities from completed scenarios is quite good as long as you provide the detail on users during initial import or sync.
- There is only the ability to run one Playbook at a time. For larger enterprises that may have more than one organization they wish to target in different ways, this is a limitation that requires some clever workarounds.
- Despite the efforts of reporting and statistics to remove false clicks and multiple clicks from the same users, there are several times we have had to analyze raw data exports in Excel to verify (and correct) our final metrics for scenarios. Not a deal-breaker, however, does require a time investment.
- Adding/removing users to the PhishMe instance requires a ticket to be submitted to Support. There is no method in the instance for us to do this at our company.
January 29, 2020
Cofense PhishMe Review
We utilize PhishMe to perform phishing scenarios within our organization in order to increase phishing awareness and education. It's currently being utilized by our information security team. PhishMe helps show the regulators that we are continually training our end users.
- Relevant/current phishing scenarios.
- Great educational awareness.
- Does not integrate with Active Directory. You either have to upload a spreadsheet of users or utilize their recipient generator. Would be nice to have an API with AD.
- Doesn't allow us to spoof legitimate companies. The bad actors do this and other phishing platforms allow this as well. Cofense is legally scared to allow spoofing.
October 22, 2019
Phishing is gone
We use it to track phishing attempts and report them. We have it deployed across the entire firm and each user has been educated that when they get a phishing attempt they should use the report button. We sometimes conduct tests using this software and we are able to report how many people reported it.
- The software is really easy to use, I am able to just click a button to report any and all phishing attempts.
- By it being a one button press it allows me to spend more time doing other things.
- We are able to conduct tests using PHISHME to audit our internal clients.
- I don't think anything could be improved it's a simple intuitive software.