Cofense PhishMe - Trustworthy and reliable phishing simulation & education vendor
May 11, 2020

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cofense PhishMe

We use Cofense PhishMe globally across the whole organization of approx. 60k users. It is part of our security awareness program and through simulated phishing emails provides experiential learning to users. Through practice, they get better at spotting a suspicious email. We also use the Cofense Phishing Reporter button that gives a user a one-click way to report a suspicious email.
  • Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
  • Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
  • Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
  • Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
  • Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification emails or Office365 look-alikes, but not truly impersonating real-world companies, thus being less misleading.
  • Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
  • Human sensors - with the Reporter button the company has a human agent in each user. IT learns fast about malicious emails making it through our gateways and can respond fast.
  • Less prone to phishing - our click rate has gone down to a fraction of our original numbers resulting in fewer incidents, e.g. ransomware, compromised credentials, redirected money transfers, etc.
We haven't used another provider. However, we used our internal phishing simulation solution prior to contracting Cofense. The internal solution gives you more flexibility (you can send emails to any domain and can impersonate any company) but you'd be missing the Reporter button, professional service, multilingual material, comparison to and lessons learned from other customers, benchmarks, email templates.
Cofense PhishMe sure is a good solution for a global company. For a smaller locally-operated company, you may do well with an internal solution to send simulated emails and collect user feedback, but you'll have to operate it, maintain it, come up with email designs, etc. Cofense already has plenty of emails available and in multiple languages, which saves a lot of time. You can also use their benchmarks to compare to their customer base or your industry as well as information (knowledge and experience) they have from other customers.