TrustRadius Insights
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their …
Overview
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Pricing
N/A
Unavailable
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://cofense.com/pricing
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
34 people also want pricing
Alternatives Pricing
What is KnowBe4 Security Awareness Training?
KnowBe4 is a security awareness training and simulated phishing platform used by more than 65,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO…
What is CyberHoot?
CyberHoot is presented as a simple, fast and effective employee Security Training Platform from the company of the same name headquartered in Portsmouth. The platform includes 700+ Training Videos, 25+ Policy Templates, and Phish Testing.
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Cofense PhishMe?
Cofense PhishMe™ is the flagship behavior conditioning, phishing awareness platform from Cofense™ which the vendor states is trusted by over 2500 enterprise customers across all verticals. Using simulated phishing emails, Cofense PhishMe conditions users to identify and report email-based threats that bypass secure email gateways and land in user inboxes. Cofense PhishMe uses experiential learning at the point of failure to reinforce positive security awareness behavior.
A phishing simulation program must reflect the real threat landscape. Cofense boasts a unique perspective on the threat landscape, with insights into threat actors & campaigns in the wild, together with unrivalled visibility of phishing threats that bypass existing security controls to reach the recipient inbox. Leveraging this perspective, Cofense PhishMe operationalizes real, active threats into realistic phishing scenarios to ensure program relevance. The vendor describes Cofense PhishMe as using intelligent automation, advanced algorithms, and embedded best practices to increase user engagement and reduce program planning, management, and execution overhead. Cofense PhishMe’s education library includes content created by its content team, as well as from 3rd party content vendors.
Cofense PhishMe has been rated as a leader in the Gartner Magic Quadrant for Security Awareness CBT Solutions and a Gartner peer insights Customer’ Choice security awareness vendor 2 years in a row.
Cofense PhishMe Features
- Supported: Real Threat & Secure Email Gateway Miss Templates – increase relevance of programs by simulating real threats observed to bypass common Secure Email Gateways
- Supported: Responsive Delivery – increase program engagement and eliminate global scheduling challenges by delivering simulation emails only when users are active in their mailbox
- Supported: Smart Suggest – advanced algorithms and embedded best practice provide program guidance based on industry relevance and program history.
- Supported: Recipient Sync - automates syncing of recipients from Azure Active Directory to PhishMe. Utilize Recipient Sync and Dynamic Groups for fully automated group management.
- Supported: Automated Playbooks – automate execution of a 12-month simulation program with just a few clicks.
- Supported: Comprehensive education catalog including content from leading third-party providers including NINJIO and AwareGo.
- Supported: Board Reports – executive level insight into program performance and changes in resiliency to phishing.
Cofense PhishMe Screenshots
Cofense PhishMe Video
Cofense PhishMe Responsive Delivery – increase program engagement, reduce whitelisting and eliminate global scheduling challenges by delivering simulation emails only when users are active in their inbox.
Cofense PhishMe Competitors
- KnowBe4 Security Awareness Training
- Proofpoint/Wombat
- Ironscales
Cofense PhishMe Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
| Supported Languages | English - American, English – British, English – Australian, Afrikaans, Arabic, Chinese – Simplified, Chinese – Traditional, Czech, Danish, Dutch, Finnish, French, French – Canadian, German, Greek, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Spanish – Latin American, Swedish, and Turkish |
Cofense PhishMe Downloadables
Frequently Asked Questions
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
KnowBe4 Security Awareness Training are common alternatives for Cofense PhishMe.
Reviewers rate Role-based user permissions highest, with a score of 8.1.
The most common users of Cofense PhishMe are from Enterprises (1,001+ employees).
Cofense PhishMe Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 4% |
| Mid-Size Companies (51-500 employees) | 35% |
| Enterprises (more than 500 employees) | 61% |
Comparisons
Compare with
Reviews and Ratings
(49)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their cybersecurity. Users report suspicious emails directly from their email client using the Cofense PhishMe plugin, streamlining the process of identifying potential threats. The information security team then triages and analyzes the reported emails, leveraging the different fields provided by Cofense PhishMe to efficiently categorize and prioritize them for further investigation.
One key use case of Cofense PhishMe is its ability to simulate phishing scenarios, providing valuable insights into users' susceptibility to such attacks. This helps organizations better understand their employees' level of awareness and readiness in recognizing and reporting phishing scams or malicious emails. The platform offers a user-friendly interface that does not require extensive training, making it accessible to users across the organization.
Additionally, Cofense PhishMe helps track phishing attempts and enables users to easily report suspicious emails for further action. By automating the categorization of reported emails, the platform saves time and streamlines the analysis process. It also provides statistics that inform clients about the success of their user training efforts, empowering organizations to continually improve mail security awareness.
Furthermore, Cofense PhishMe plays a vital role in increasing users' recognition of legitimate versus fake or malicious emails. Through experiential learning and continuous training, it educates employees on how to detect phishing emails and utilize built-in reporter tools for effective triage. The platform is part of a comprehensive security awareness program that helps organizations demonstrate their commitment to protecting sensitive information and complying with regulatory requirements.
Overall, Cofense PhishMe is widely used by organizations seeking to enhance their email security defenses by empowering employees to proactively identify and report potential phishing threats. It provides automation, valuable insights, and user-friendly features that contribute to creating a more resilient cybersecurity posture.
User-Friendly Interface: Many users have praised the product for its friendly and intuitive user interface, making it easy to navigate and organize campaigns. It has been described as intuitive and has saved users time by allowing them to report phishing attempts with just a click of a button.
Customizability: The ability to customize the product has been highly valued by users. They appreciate the flexibility in creating automation rules and recipes to handle a large flow of reports. Users also mentioned that the product offers detailed whitelisting instructions and a wide variety of customizable templates.
Excellent Customer Support: Users have consistently praised the customer support provided by the company. They found the support to be great, with an outstanding account manager. Assigned professionals advising and suggesting the best approach for their user base was also appreciated. The availability of multilingual support was mentioned as a positive aspect for global companies.
Laggy Performance: Some users have reported experiencing significant laggy performance with the web version support, resulting in frustratingly slow upload and download rates for results and recipient lists. This issue has hindered their workflow efficiency and affected their overall experience with the software.
Limited Account Management: Users have expressed frustration with the limited capabilities of account management within the software. They feel that it could be improved by offering more automated features, such as user cleanup for inactive accounts. The current manual process is time-consuming and inconvenient for administrators.
Lack of Training Resources: Many users have voiced concerns about the lack of innovative training resources available in the software. They would like to see more options for customization, allowing them to tailor training materials to their specific needs. Additionally, users suggest that Cofense PhishMe should provide templates based on current trends in phishing attacks to enhance the effectiveness of their training programs and keep up with evolving threats in cybersecurity.
Attribute Ratings
Reviews
(1-8 of 8)Companies can't remove reviews or game the system. Here's why
October 07, 2022
Cofense PhishMe from an MSSP view
We are an MSSP for Cofense PhishMe, and offer it as a managed service to our clients. We aim to solve our client's problems of poor phishing awareness and training, by offering this as a service. We run phishing simulations monthly using the platform and use the statistics it provides to create a monthly report to inform our clients about their success with training their users. Our simulations can be simple using the base templates, but we also offer customized scenarios, which use the PhishMe service to customize the details of a template and schedule and deploy the simulation to the client.
- Customisation
- Detailed whitelisting instructions
- Flexible scheduling options
- Good customer support
- Detailed and accurate statistics
- Cofense PhishMe could recommend current trends as templates
- There could be options to have multiple clients on one accounting for a basic shared service for clients who want a cheaper option
- A clearer dashboard that displays the statistics per scenario, and gives numbers of clicks/reports as well as the percentage, as the clients often want numbers as well as percentages
Cofense PhishMe is an all-in-one solution for increasing Mail Security Awareness in the organisation. We use it to simulate phishing campaigns across different verticals in the organisation and calculate the susceptibility rate of the users to make them more aware of the indicators of compromise in phishing emails.
- Phishing Campaigns
- Historical Graphs for Phishing Campaigns
- Security Awareness Banners
- A better UI for which Cofense PhishMe is already working
- More region specific domains for phishing Campaigns
- More region specific scenarios for Phishing Campaigns
August 18, 2021
Phishing simulation with a small team for a big company
In the past, we were using it only on a quarterly basis as a benchmark type of activity. Nowadays, we are offering Phishing Simulation as a service to our departments and we are slowly getting to 1 big Q exercise (250k people) and 3-4 monthly ones (anywhere from 50 to 5k users).
- Friendly UX.
- Huge selection of phishes.
- Ability to customize.
- Web version support - sometimes it's too laggy.
- Upload/download rate for results and recipient lists.
August 15, 2021
PhishMe for Analyst
We use Cofense PhishMe for capturing the user-reported phish emails. The console is used in a Security Operations Center environment for 24x7x365. Basically, the information security team handles the administration and reported the email triaging part. The Cofense PhishMe plugin is installed on the email client of all the users so that they can report a suspicious email directly from their email client.
We triage the suspicious/malicious reported emails thereby using the different fields it provides like headers, body, URLs, and attachments section. We write custom Yara rules for easy automation.
It addresses the main concern that emails have become a major vector for malicious attacks and making user awareness and after that catching the bad guys we need assistance from a Cofense PhishMe like tool.
We triage the suspicious/malicious reported emails thereby using the different fields it provides like headers, body, URLs, and attachments section. We write custom Yara rules for easy automation.
It addresses the main concern that emails have become a major vector for malicious attacks and making user awareness and after that catching the bad guys we need assistance from a Cofense PhishMe like tool.
- It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
- The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
- For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
- The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
- Need to add more OSINT APIs to check the reputation of embedded URLs and the hash of attached files.
- "Screen Capture" of the embedded URL links [after clicking on the embedded URL where the URL takes the user] will be really helpful for triaging basic credential harvesting attack scenarios.
- Integration of ProofPoint email gateway to Phishme triage will help us determine the number of email flow from a suspicious sender. This will reduce the requirement of opening another console just to check the number of emails from a particular sender.
August 13, 2021
Cofense - Great Value & Even Better Product.
We are utilizing Cofense PhishMe to provide phishing campaigns to all employees quarterly and targeted groups monthly. It addresses education needs for employees to recognize phishing emails and utilize the reporter button to send emails to Triage.
- Easy to Navigate GUI - easy to create and run scenarios
- In depth reporting - Ability to provide detailed reports by department, title, etc. for follow-up training
- Adoption of new technology - new additions such as Responsive Delivery and Recipient Sync allow less overhead for running scenarios
- Introduction of new templates - new templates being introduced all the time to keep up with currently seen campaigns
- Completely switching to the new UI - Most is redesigned, but some old elements remain
- Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
- Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves
July 23, 2021
Great Phishing simulation provider
We use Cofense PhishMe enterprise wide. We use it for security awareness and education. Monthly phishing simulation tests are done to help our users understand and identify phishing emails. We also use the metrics from these test extensively to target areas that may require additional education. Targeted phishing simulations are done as well.
- Updated templates for phishing exercises
- Great customer service and support
- Great scenario summary reports
- Nice interface /dashboard on web site.
- Self service to download pdf's for education material
- Would like to see more Awareness newsletters
- Self service customization of training materials.
We use Cofense PhishMe globally across the whole organization of approx. 60k users. It is part of our security awareness program and through simulated phishing emails provides experiential learning to users. Through practice, they get better at spotting a suspicious email. We also use the Cofense Phishing Reporter button that gives a user a one-click way to report a suspicious email.
- Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
- Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
- Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
- Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
- Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification email or Office365 look-alikes, but not truly impersonating real-world companies thus being less misleading.
- Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
June 14, 2019
Does its job, but is lacking
Cofense PhishMe allows employees at my company to report when we receive phishing emails. For a large corporation with predictable emails names, those emails come fairly often and employees are subject to dangerous emails when they're unfamiliar. Cofense PhishMe is integrated into our email system and makes reporting a breeze. After reporting, the issue gets sent to IT and they will determine the next steps.
- Easy to report suspected phishing emails to IT and security teams.
- IT and security teams are able to look into phishing emails right away.
- Cofense is integrated into our email system and is easy to find.
- It should be able to filter our emails automatically.
- It should be able to put the phishing or spam emails in a quarantine.
- Cofense PhishMe should do more than just be a button on our email platform.