Catch Fake Emails with PhishER!
Updated September 13, 2024
Catch Fake Emails with PhishER!
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with KnowBe4 PhishER/PhishER Plus
PhishER is one of the primary tools we use to combat phishing emails and users potentially getting viruses. We do our best to train our users to click on the PAB (Phish Alert Button) whenever they see a suspicious email. We stress security by using 2FA, changing passwords on a regular basis, and teaching people to "think before they click".
We've got great buy-in from most management regarding issues like this as well. The best part of the software is being able to run queries on submitted emails and then quarantining and deleting said emails.
We've got great buy-in from most management regarding issues like this as well. The best part of the software is being able to run queries on submitted emails and then quarantining and deleting said emails.
Pros
- Allows the removal of Malicious Emails
- Groups similar emails into categories for email reporting
- Also allows you to see who has submitted the most phishing/spam/clean emails within reports.
Cons
- GUI Based search rules, the current way to create rules for specific the current way to create a rule is using "yara" conditions, which for someone that is not familiar with them can be cumbersome.
- A wider way to find similar messages. Currently you have to choose from 2 of 5 options, and you don't always find malicious emails when using just subject/sender (when the sender is clearly the same for a targeted phishing campaign).
- SOMETIMES the speed with which a submitted email hit's the PhishER Inbox can be longer than I would like (closer to an hour) and others it is within seconds.
- It has allowed us to free up time and allow us to focus on other security issues.
- Helps to cut down on the amount of phishing related security issues internally.
- Lets us rest easy when end-users submit emails knowing they're clearly phishing emails.
The service helps us to determine when there may actually be an active phishing campaign going on targeting our company. We have some "basic" rules setup that will allow us to determine when someone submits an email that is SPAM/CLEAN/or a THREAT and we'll take action as needed.
Our organization has implemented PhishML and PhishRIP. Everytime we've tried to implement the blocklist, we wind up getting errors and delays when someone actually submits an email for review to us and we wind up having to reset the whole connection to Office 365. PhishFlip is something that we're still investigating to see if/how that would benefit us internally though.
PhishML is something that helps to automatically determine the confidence of an email. We've had to turn the "clean" confidence down since we saw early on that it was marking threats as clean.
PhishRIP is (in my opinion) the best feature of PhishER. We can run queries on submitted emails and remove them from mailboxes with only a few simple clicks.
PhishRIP is (in my opinion) the best feature of PhishER. We can run queries on submitted emails and remove them from mailboxes with only a few simple clicks.
- Arctic Wolf Managed Detection and Response, BlackBerry Optics (CylanceOPTICS), BlackBerry Protect (CylancePROTECT) and KnowBe4 Security Awareness Training
We chose KnowBe4 based on the variety phish testing templates, variety of training, and ease of use for us as administrators. Plus they present things in a way that a non-technical person can understand when they are taking a training module. The integration with PhishER is a massive bonus as well.
Do you think KnowBe4 PhishER/PhishER Plus delivers good value for the price?
Yes
Are you happy with KnowBe4 PhishER/PhishER Plus's feature set?
Yes
Did KnowBe4 PhishER/PhishER Plus live up to sales and marketing promises?
Yes
Did implementation of KnowBe4 PhishER/PhishER Plus go as expected?
Yes
Would you buy KnowBe4 PhishER/PhishER Plus again?
Yes
KnowBe4 PhishER/PhishER Plus Feature Ratings
Configuring KnowBe4 PhishER/PhishER Plus
When setting up PhishML, we ran into an issue early on that was classifying potentially malicious/spam emails as Clean, which caused us to have to go in and manually re-classify a few of the early submissions. To remedy this, we've since modified the "Clean" option of PhishML and set it lower than the rest. If something comes in that is SPAM (or Clean) we can easily over ride it using one of our pre-set Actions.
No - we have not done any customization to the interface
No - we have not done any custom code
Pretty straight forward and simple configuration and setup. Make sure to follow the guides (provided by KnowBe4) and you'll be good to go in a matter of minutes!
Using KnowBe4 PhishER/PhishER Plus
3 - Only 3 of us use the PhishER portal, and we're the ones from the IT Department. Our job is to make sure that things are being classified correctly, and when necessary, running queries to remove malicious/spam emails.
As far as the rest of the organization (about 160 users) they all use the Phish Alert Button to report suspicious emails to us.
As far as the rest of the organization (about 160 users) they all use the Phish Alert Button to report suspicious emails to us.
3 - Our main IT department are the users that support PhishER on a regular basis.
- Removing Malicious Emails
- Removing "Spam" emails (so that others don't report them)
- Preventing the spread of Emails that can capture credentials and lead to a potential incident
- Someone accidentally sent an email out to the whole company containing Confidential/Personal information and we used the service to delete that email from everyone
- Getting a better insight into who is actually reading their mailboxes closely
- Trying to get better integration on Mobile
- Getting more people to use it and take email security seriously
Comments
Please log in to join the conversation