Don't admire your phishing problem - fix it with PhishMe
February 04, 2021

Don't admire your phishing problem - fix it with PhishMe

Jim Bowker | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cofense PhishMe

We use it across the entire organization. It helps people better understand their susceptibility. Everyone knows that phishing is bad and we shouldn't click on bad links, yet it still happens. No amount of annual awareness training will change that. Cofense PhishMe lets people know as soon as they fell for one that they too are susceptible.
  • Raw material - no need to go hunt out scenarios. There are plenty to choose from.
  • Software interface makes it easy to organize a campaign.
  • Reporting - it's easy to spot repeat offenders for additional phishing or individualized training.
  • We like to pass each campaign by a couple of people. While I can send a test to someone, a simple workflow approval would be nice.
  • You could automate user cleanup of inactive accounts a little better.
  • While difficult to convert risk reduction to a dollar amount, it has achieved the goals of measuring and reducing click rates.
  • Some users feel we are trying to "trick" them.
For reporter, we've used GoSecure IDR. KnowBe4 is probably the biggest paid competitor I've seen and tried a demo.

For opensource, things like GoPhish or the Social Engineering Toolkit within Kali Linux aren't bad. Both require more effort, so you either pay Cofense for ease of use or pay with your time for the others.
It works well for any company that wants to be able to measure and subsequently reduce phishing susceptibility rates. It's more suitable at places where users have a ton of free reign, like college professors, medical doctors, or high paid consultants. In locked down places with very little user autonomy, such as a bank, it might not be as helpful.