TrustRadius Insights
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their …
Overview
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Pricing
N/A
Unavailable
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://cofense.com/pricing
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
34 people also want pricing
Alternatives Pricing
What is KnowBe4 Security Awareness Training?
KnowBe4 is a security awareness training and simulated phishing platform used by more than 65,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO…
What is CyberHoot?
CyberHoot is presented as a simple, fast and effective employee Security Training Platform from the company of the same name headquartered in Portsmouth. The platform includes 700+ Training Videos, 25+ Policy Templates, and Phish Testing.
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Cofense PhishMe?
Cofense PhishMe™ is the flagship behavior conditioning, phishing awareness platform from Cofense™ which the vendor states is trusted by over 2500 enterprise customers across all verticals. Using simulated phishing emails, Cofense PhishMe conditions users to identify and report email-based threats that bypass secure email gateways and land in user inboxes. Cofense PhishMe uses experiential learning at the point of failure to reinforce positive security awareness behavior.
A phishing simulation program must reflect the real threat landscape. Cofense boasts a unique perspective on the threat landscape, with insights into threat actors & campaigns in the wild, together with unrivalled visibility of phishing threats that bypass existing security controls to reach the recipient inbox. Leveraging this perspective, Cofense PhishMe operationalizes real, active threats into realistic phishing scenarios to ensure program relevance. The vendor describes Cofense PhishMe as using intelligent automation, advanced algorithms, and embedded best practices to increase user engagement and reduce program planning, management, and execution overhead. Cofense PhishMe’s education library includes content created by its content team, as well as from 3rd party content vendors.
Cofense PhishMe has been rated as a leader in the Gartner Magic Quadrant for Security Awareness CBT Solutions and a Gartner peer insights Customer’ Choice security awareness vendor 2 years in a row.
Cofense PhishMe Features
- Supported: Real Threat & Secure Email Gateway Miss Templates – increase relevance of programs by simulating real threats observed to bypass common Secure Email Gateways
- Supported: Responsive Delivery – increase program engagement and eliminate global scheduling challenges by delivering simulation emails only when users are active in their mailbox
- Supported: Smart Suggest – advanced algorithms and embedded best practice provide program guidance based on industry relevance and program history.
- Supported: Recipient Sync - automates syncing of recipients from Azure Active Directory to PhishMe. Utilize Recipient Sync and Dynamic Groups for fully automated group management.
- Supported: Automated Playbooks – automate execution of a 12-month simulation program with just a few clicks.
- Supported: Comprehensive education catalog including content from leading third-party providers including NINJIO and AwareGo.
- Supported: Board Reports – executive level insight into program performance and changes in resiliency to phishing.
Cofense PhishMe Screenshots
Cofense PhishMe Video
Cofense PhishMe Responsive Delivery – increase program engagement, reduce whitelisting and eliminate global scheduling challenges by delivering simulation emails only when users are active in their inbox.
Cofense PhishMe Competitors
- KnowBe4 Security Awareness Training
- Proofpoint/Wombat
- Ironscales
Cofense PhishMe Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
| Supported Languages | English - American, English – British, English – Australian, Afrikaans, Arabic, Chinese – Simplified, Chinese – Traditional, Czech, Danish, Dutch, Finnish, French, French – Canadian, German, Greek, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Spanish – Latin American, Swedish, and Turkish |
Cofense PhishMe Downloadables
Frequently Asked Questions
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
KnowBe4 Security Awareness Training are common alternatives for Cofense PhishMe.
Reviewers rate Role-based user permissions highest, with a score of 8.1.
The most common users of Cofense PhishMe are from Enterprises (1,001+ employees).
Cofense PhishMe Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 4% |
| Mid-Size Companies (51-500 employees) | 35% |
| Enterprises (more than 500 employees) | 61% |
Comparisons
Compare with
Reviews and Ratings
(49)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their cybersecurity. Users report suspicious emails directly from their email client using the Cofense PhishMe plugin, streamlining the process of identifying potential threats. The information security team then triages and analyzes the reported emails, leveraging the different fields provided by Cofense PhishMe to efficiently categorize and prioritize them for further investigation.
One key use case of Cofense PhishMe is its ability to simulate phishing scenarios, providing valuable insights into users' susceptibility to such attacks. This helps organizations better understand their employees' level of awareness and readiness in recognizing and reporting phishing scams or malicious emails. The platform offers a user-friendly interface that does not require extensive training, making it accessible to users across the organization.
Additionally, Cofense PhishMe helps track phishing attempts and enables users to easily report suspicious emails for further action. By automating the categorization of reported emails, the platform saves time and streamlines the analysis process. It also provides statistics that inform clients about the success of their user training efforts, empowering organizations to continually improve mail security awareness.
Furthermore, Cofense PhishMe plays a vital role in increasing users' recognition of legitimate versus fake or malicious emails. Through experiential learning and continuous training, it educates employees on how to detect phishing emails and utilize built-in reporter tools for effective triage. The platform is part of a comprehensive security awareness program that helps organizations demonstrate their commitment to protecting sensitive information and complying with regulatory requirements.
Overall, Cofense PhishMe is widely used by organizations seeking to enhance their email security defenses by empowering employees to proactively identify and report potential phishing threats. It provides automation, valuable insights, and user-friendly features that contribute to creating a more resilient cybersecurity posture.
User-Friendly Interface: Many users have praised the product for its friendly and intuitive user interface, making it easy to navigate and organize campaigns. It has been described as intuitive and has saved users time by allowing them to report phishing attempts with just a click of a button.
Customizability: The ability to customize the product has been highly valued by users. They appreciate the flexibility in creating automation rules and recipes to handle a large flow of reports. Users also mentioned that the product offers detailed whitelisting instructions and a wide variety of customizable templates.
Excellent Customer Support: Users have consistently praised the customer support provided by the company. They found the support to be great, with an outstanding account manager. Assigned professionals advising and suggesting the best approach for their user base was also appreciated. The availability of multilingual support was mentioned as a positive aspect for global companies.
Laggy Performance: Some users have reported experiencing significant laggy performance with the web version support, resulting in frustratingly slow upload and download rates for results and recipient lists. This issue has hindered their workflow efficiency and affected their overall experience with the software.
Limited Account Management: Users have expressed frustration with the limited capabilities of account management within the software. They feel that it could be improved by offering more automated features, such as user cleanup for inactive accounts. The current manual process is time-consuming and inconvenient for administrators.
Lack of Training Resources: Many users have voiced concerns about the lack of innovative training resources available in the software. They would like to see more options for customization, allowing them to tailor training materials to their specific needs. Additionally, users suggest that Cofense PhishMe should provide templates based on current trends in phishing attacks to enhance the effectiveness of their training programs and keep up with evolving threats in cybersecurity.
Attribute Ratings
Reviews
(1-25 of 28)Companies can't remove reviews or game the system. Here's why
April 17, 2023
The best tool to go on a Phishing trip!
Score 10 out of 10
Vetted Review
Verified User
- Playbooks
- Rules matching
- Risk Score
- IOC Matching
- Custom Triggers
- Custom Reports
December 15, 2022
Cofense PhishMe? You reeled me in!
- Gives a plethora of data
- Automation
- Metrics
- The ability to change templates on the fly. Not all emails fit a certain template and I would like to not have to reach out to a user separately but instead be able through Cofense.
October 07, 2022
Cofense PhishMe from an MSSP view
- Customisation
- Detailed whitelisting instructions
- Flexible scheduling options
- Good customer support
- Detailed and accurate statistics
- Cofense PhishMe could recommend current trends as templates
- There could be options to have multiple clients on one accounting for a basic shared service for clients who want a cheaper option
- A clearer dashboard that displays the statistics per scenario, and gives numbers of clicks/reports as well as the percentage, as the clients often want numbers as well as percentages
August 09, 2022
The Most Comprehensive phishing system in the world.
- Creating the Rule for know emails.
- Sending notification is very useful to forward the request to SOC team for analyzing.
- Running play book is very useful and easy to resolve the issue.
- In the matches we need more details.
- Creating rules is very difficult.
- YARA rules are not understandable.
December 27, 2021
Cofense PhishMe Review: Gone Phishing!
- Recipe and rule matching [...] enables an advanced method to target, filter, and take quicker action on suspicious emails.
- Clustering similar events [...] organize and save time on MTTD and MTTr for incidents and intervention.
- Parsing critical information such as IPs, Email addresses, and URLs to help aggregate all the information into 1 single pane.
- Email and HTML preview allow ease of visibility without having to download or find/fetch the original content.
- Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
- Adjustable widgets for reporting, although the provided are already built very well.
- Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.
December 13, 2021
Cofense PhishMe - Review
- Process reported phishing emails
- Threat Intelligence
- Phishing Simulation
- AI in Cofense PhishMe protect
- Future products
- Integrations with other technologies
- Phishing Campaigns
- Historical Graphs for Phishing Campaigns
- Security Awareness Banners
- A better UI for which Cofense PhishMe is already working
- More region specific domains for phishing Campaigns
- More region specific scenarios for Phishing Campaigns
August 26, 2021
Cofense [PhishMe] at a Glance
- Education
- Filtering know bad.
- Responding to the reporter.
- Threat Intel API feeds.
- Sandbox
- User generated reporting.
August 24, 2021
Fantastic product for the price, robust feature set
- Quick response from triage.
- Simple and easy to use.
- Accurate
- More automation.
- Ability to work in non-outlook apps.
August 19, 2021
Product review: Cofense PhishMe
- Learning
- Phishing scenerios
- Awareness letters
- New content
- Innovative
- Resources for training
August 18, 2021
Phishing simulation with a small team for a big company
- Friendly UX.
- Huge selection of phishes.
- Ability to customize.
- Web version support - sometimes it's too laggy.
- Upload/download rate for results and recipient lists.
August 15, 2021
PhishMe for Analyst
- It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
- The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
- For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
- The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
- Need to add more OSINT APIs to check the reputation of embedded URLs and the hash of attached files.
- "Screen Capture" of the embedded URL links [after clicking on the embedded URL where the URL takes the user] will be really helpful for triaging basic credential harvesting attack scenarios.
- Integration of ProofPoint email gateway to Phishme triage will help us determine the number of email flow from a suspicious sender. This will reduce the requirement of opening another console just to check the number of emails from a particular sender.
August 13, 2021
Cofense - Great Value & Even Better Product.
- Easy to Navigate GUI - easy to create and run scenarios
- In depth reporting - Ability to provide detailed reports by department, title, etc. for follow-up training
- Adoption of new technology - new additions such as Responsive Delivery and Recipient Sync allow less overhead for running scenarios
- Introduction of new templates - new templates being introduced all the time to keep up with currently seen campaigns
- Completely switching to the new UI - Most is redesigned, but some old elements remain
- Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
- Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves
August 12, 2021
Cofense review based on BAU usage
- Email analysis
- Simulation of phishing emails
- User awareness
- Visibility on how the IOC contribution from my orgn. is being used across the ecosystem.
- The simulation portal feels outdated.
- The reporting part could be better.
July 23, 2021
Cofense PhishMe Review
- Phishing templates: variety and customization
- Multi-language training
- Personal support
- More specific training CBT modules by function, e.g. legal/finance/sales/software development
July 23, 2021
Great Phishing simulation provider
- Updated templates for phishing exercises
- Great customer service and support
- Great scenario summary reports
- Nice interface /dashboard on web site.
- Self service to download pdf's for education material
- Would like to see more Awareness newsletters
- Self service customization of training materials.
- We have an outstanding account manager
- The industry benchmarking and use of scenarios pulled from successful real world attacks helps to increase the validity of the phishing simulation programme.
- Running simulations with the support of the team is straightforward.
- UX
- Reporting and analytics - develop user dashboards and profiles
- Interactive training and development
February 07, 2021
Cofense PhishMe: Phishing simulator
- Setting up campaigns is easy.
- There are lots of examples that can be built from.
- The training if a user falls for the phishing is well thought out and presented.
- Account management could be done better. Removing users is a good example.
February 04, 2021
Don't admire your phishing problem - fix it with PhishMe
- Raw material - no need to go hunt out scenarios. There are plenty to choose from.
- Software interface makes it easy to organize a campaign.
- Reporting - it's easy to spot repeat offenders for additional phishing or individualized training.
- We like to pass each campaign by a couple of people. While I can send a test to someone, a simple workflow approval would be nice.
- You could automate user cleanup of inactive accounts a little better.
- Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
- Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
- Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
- Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
- Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification email or Office365 look-alikes, but not truly impersonating real-world companies thus being less misleading.
- Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
May 04, 2020
Cofense PhishMe Review
- Wide range of templates, which are always updated and addressing threats organizations face today.
- Security teams use the information from Phish Reporter to implement countermeasures.
- Providing training materials that help to educate employees
- To provide a more convenient way to modify/change mail addresses
May 02, 2020
Cofense Phishing Awareness
- Scheduling campaigns
- User list management.
- Variety of templates.
- Community portal.
- Board report is not automated.
May 01, 2020
Cofense PhishMe became our 'Catch of the Day'
- PhishMe scenarios are based on real-world examples of malicious email reported through one of their other product offerings; Phishing Defense Center (PDC)
- Scenarios have the ability to be easily customized and changed to suit the needs of your own organization to make them more relevant. This increases the chance of a click or attachment opening providing a teachable moment with more users.
- Console is easy to navigate and use for all levels of technical ability. Not everyone on our team is technically inclined, however, the interface is easy to understand and obtain information from allowing everyone who uses it to be comfortable.
- Reporting capabilities from completed scenarios is quite good as long as you provide the detail on users during initial import or sync.
- There is only the ability to run one Playbook at a time. For larger enterprises that may have more than one organization they wish to target in different ways, this is a limitation that requires some clever workarounds.
- Despite the efforts of reporting and statistics to remove false clicks and multiple clicks from the same users, there are several times we have had to analyze raw data exports in Excel to verify (and correct) our final metrics for scenarios. Not a deal-breaker, however, does require a time investment.
- Adding/removing users to the PhishMe instance requires a ticket to be submitted to Support. There is no method in the instance for us to do this at our company.
May 01, 2020
My Cofense PhishMe Review
- Easy to manage templates
- Up to date information with real word examples
- Inexpensive
- Attachments are doc, xls, and ppt only, no newer formats
- Embedded pictures require download that is not online
- Repeat user report needs filtering options
January 29, 2020
Cofense PhishMe Review
- Relevant/current phishing scenarios.
- Great educational awareness.
- Does not integrate with Active Directory. You either have to upload a spreadsheet of users or utilize their recipient generator. Would be nice to have an API with AD.
- Doesn't allow us to spoof legitimate companies. The bad actors do this and other phishing platforms allow this as well. Cofense is legally scared to allow spoofing.