Overview
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for…
The best tool to go on a Phishing trip!
Cofense PhishMe? You reeled me in!
Cofense PhishMe from an MSSP view
The Most Comprehensive phishing system in the world.
Cofense PhishMe Review: Gone Phishing!
Cofense PhishMe - Review
Cofense PhishMe!! The AIO solution to your Phishing Campaigns and User Awareness
Cofense [PhishMe] at a Glance
Fantastic product for the price, robust feature set
Product review: Cofense PhishMe
Phishing simulation with a small team for a big company
PhishMe for Analyst
Cofense - Great Value & Even Better Product.
Cofense review based on BAU usage
Cofense PhishMe Review
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Pricing
What is Cofense PhishMe?
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
34 people also want pricing
Alternatives Pricing
What is KnowBe4 Security Awareness Training?
KnowBe4 is a security awareness and compliance training and simulated social engineering platform. It is used by organizations worldwide to strengthen their security culture and reduce human risk. The platform includes a comprehensive suite of awareness and compliance training, real-time user…
What is CyberHoot?
CyberHoot is presented as a simple, fast and effective employee Security Training Platform from the company of the same name headquartered in Portsmouth. The platform includes 700+ Training Videos, 25+ Policy Templates, and Phish Testing.
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Cofense PhishMe?
Cofense PhishMe™ is the flagship behavior conditioning, phishing awareness platform from Cofense™ which the vendor states is trusted by over 2500 enterprise customers across all verticals. Using simulated phishing emails, Cofense PhishMe conditions users to identify and report email-based threats that bypass secure email gateways and land in user inboxes. Cofense PhishMe uses experiential learning at the point of failure to reinforce positive security awareness behavior.
A phishing simulation program must reflect the real threat landscape. Cofense boasts a unique perspective on the threat landscape, with insights into threat actors & campaigns in the wild, together with unrivalled visibility of phishing threats that bypass existing security controls to reach the recipient inbox. Leveraging this perspective, Cofense PhishMe operationalizes real, active threats into realistic phishing scenarios to ensure program relevance. The vendor describes Cofense PhishMe as using intelligent automation, advanced algorithms, and embedded best practices to increase user engagement and reduce program planning, management, and execution overhead. Cofense PhishMe’s education library includes content created by its content team, as well as from 3rd party content vendors.
Cofense PhishMe has been rated as a leader in the Gartner Magic Quadrant for Security Awareness CBT Solutions and a Gartner peer insights Customer’ Choice security awareness vendor 2 years in a row.
Cofense PhishMe Features
- Supported: Real Threat & Secure Email Gateway Miss Templates – increase relevance of programs by simulating real threats observed to bypass common Secure Email Gateways
- Supported: Responsive Delivery – increase program engagement and eliminate global scheduling challenges by delivering simulation emails only when users are active in their mailbox
- Supported: Smart Suggest – advanced algorithms and embedded best practice provide program guidance based on industry relevance and program history.
- Supported: Recipient Sync - automates syncing of recipients from Azure Active Directory to PhishMe. Utilize Recipient Sync and Dynamic Groups for fully automated group management.
- Supported: Automated Playbooks – automate execution of a 12-month simulation program with just a few clicks.
- Supported: Comprehensive education catalog including content from leading third-party providers including NINJIO and AwareGo.
- Supported: Board Reports – executive level insight into program performance and changes in resiliency to phishing.
Cofense PhishMe Screenshots
Cofense PhishMe Video
Cofense PhishMe Competitors
- KnowBe4 Security Awareness Training
- Proofpoint/Wombat
- Ironscales
Cofense PhishMe Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
Supported Languages | English - American, English – British, English – Australian, Afrikaans, Arabic, Chinese – Simplified, Chinese – Traditional, Czech, Danish, Dutch, Finnish, French, French – Canadian, German, Greek, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Spanish – Latin American, Swedish, and Turkish |
Cofense PhishMe Downloadables
Frequently Asked Questions
Cofense PhishMe Customer Size Distribution
Consumers | 0% |
---|---|
Small Businesses (1-50 employees) | 4% |
Mid-Size Companies (51-500 employees) | 35% |
Enterprises (more than 500 employees) | 61% |
Comparisons
Compare with
Reviews and Ratings
(50)Community Insights
- Business Problems Solved
- Pros
- Cons
Cofense PhishMe is a versatile platform that addresses the growing concern of email-based attacks and helps organizations improve their cybersecurity. Users report suspicious emails directly from their email client using the Cofense PhishMe plugin, streamlining the process of identifying potential threats. The information security team then triages and analyzes the reported emails, leveraging the different fields provided by Cofense PhishMe to efficiently categorize and prioritize them for further investigation.
One key use case of Cofense PhishMe is its ability to simulate phishing scenarios, providing valuable insights into users' susceptibility to such attacks. This helps organizations better understand their employees' level of awareness and readiness in recognizing and reporting phishing scams or malicious emails. The platform offers a user-friendly interface that does not require extensive training, making it accessible to users across the organization.
Additionally, Cofense PhishMe helps track phishing attempts and enables users to easily report suspicious emails for further action. By automating the categorization of reported emails, the platform saves time and streamlines the analysis process. It also provides statistics that inform clients about the success of their user training efforts, empowering organizations to continually improve mail security awareness.
Furthermore, Cofense PhishMe plays a vital role in increasing users' recognition of legitimate versus fake or malicious emails. Through experiential learning and continuous training, it educates employees on how to detect phishing emails and utilize built-in reporter tools for effective triage. The platform is part of a comprehensive security awareness program that helps organizations demonstrate their commitment to protecting sensitive information and complying with regulatory requirements.
Overall, Cofense PhishMe is widely used by organizations seeking to enhance their email security defenses by empowering employees to proactively identify and report potential phishing threats. It provides automation, valuable insights, and user-friendly features that contribute to creating a more resilient cybersecurity posture.
User-Friendly Interface: Many users have praised the product for its friendly and intuitive user interface, making it easy to navigate and organize campaigns. It has been described as intuitive and has saved users time by allowing them to report phishing attempts with just a click of a button.
Customizability: The ability to customize the product has been highly valued by users. They appreciate the flexibility in creating automation rules and recipes to handle a large flow of reports. Users also mentioned that the product offers detailed whitelisting instructions and a wide variety of customizable templates.
Excellent Customer Support: Users have consistently praised the customer support provided by the company. They found the support to be great, with an outstanding account manager. Assigned professionals advising and suggesting the best approach for their user base was also appreciated. The availability of multilingual support was mentioned as a positive aspect for global companies.
Laggy Performance: Some users have reported experiencing significant laggy performance with the web version support, resulting in frustratingly slow upload and download rates for results and recipient lists. This issue has hindered their workflow efficiency and affected their overall experience with the software.
Limited Account Management: Users have expressed frustration with the limited capabilities of account management within the software. They feel that it could be improved by offering more automated features, such as user cleanup for inactive accounts. The current manual process is time-consuming and inconvenient for administrators.
Lack of Training Resources: Many users have voiced concerns about the lack of innovative training resources available in the software. They would like to see more options for customization, allowing them to tailor training materials to their specific needs. Additionally, users suggest that Cofense PhishMe should provide templates based on current trends in phishing attacks to enhance the effectiveness of their training programs and keep up with evolving threats in cybersecurity.
Attribute Ratings
Reviews
(1-25 of 28)The best tool to go on a Phishing trip!
- Playbooks
- Rules matching
- Risk Score
- IOC Matching
- Custom Triggers
- Custom Reports
Cofense PhishMe? You reeled me in!
- Gives a plethora of data
- Automation
- Metrics
- The ability to change templates on the fly. Not all emails fit a certain template and I would like to not have to reach out to a user separately but instead be able through Cofense.
Cofense PhishMe from an MSSP view
- Customisation
- Detailed whitelisting instructions
- Flexible scheduling options
- Good customer support
- Detailed and accurate statistics
- Cofense PhishMe could recommend current trends as templates
- There could be options to have multiple clients on one accounting for a basic shared service for clients who want a cheaper option
- A clearer dashboard that displays the statistics per scenario, and gives numbers of clicks/reports as well as the percentage, as the clients often want numbers as well as percentages
The Most Comprehensive phishing system in the world.
- Creating the Rule for know emails.
- Sending notification is very useful to forward the request to SOC team for analyzing.
- Running play book is very useful and easy to resolve the issue.
- In the matches we need more details.
- Creating rules is very difficult.
- YARA rules are not understandable.
Cofense PhishMe Review: Gone Phishing!
- Recipe and rule matching [...] enables an advanced method to target, filter, and take quicker action on suspicious emails.
- Clustering similar events [...] organize and save time on MTTD and MTTr for incidents and intervention.
- Parsing critical information such as IPs, Email addresses, and URLs to help aggregate all the information into 1 single pane.
- Email and HTML preview allow ease of visibility without having to download or find/fetch the original content.
- Many of the URLs come in with an unknown reputation and although it may be challenging from threat intel feeds, somehow allowing a more in-depth analysis of the URL can provide better/quicker decision making or validation.
- Adjustable widgets for reporting, although the provided are already built very well.
- Provide in-house templates or summaries of actionable items, such as a single brief on a major phish.
Cofense PhishMe - Review
- Process reported phishing emails
- Threat Intelligence
- Phishing Simulation
- AI in Cofense PhishMe protect
- Future products
- Integrations with other technologies
- Phishing Campaigns
- Historical Graphs for Phishing Campaigns
- Security Awareness Banners
- A better UI for which Cofense PhishMe is already working
- More region specific domains for phishing Campaigns
- More region specific scenarios for Phishing Campaigns
Cofense [PhishMe] at a Glance
- Education
- Filtering know bad.
- Responding to the reporter.
- Threat Intel API feeds.
- Sandbox
- User generated reporting.
Fantastic product for the price, robust feature set
- Quick response from triage.
- Simple and easy to use.
- Accurate
- More automation.
- Ability to work in non-outlook apps.
Product review: Cofense PhishMe
- Learning
- Phishing scenerios
- Awareness letters
- New content
- Innovative
- Resources for training
Phishing simulation with a small team for a big company
- Friendly UX.
- Huge selection of phishes.
- Ability to customize.
- Web version support - sometimes it's too laggy.
- Upload/download rate for results and recipient lists.
PhishMe for Analyst
We triage the suspicious/malicious reported emails thereby using the different fields it provides like headers, body, URLs, and attachments section. We write custom Yara rules for easy automation.
It addresses the main concern that emails have become a major vector for malicious attacks and making user awareness and after that catching the bad guys we need assistance from a Cofense PhishMe like tool.
- It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
- The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
- For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
- The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
- Need to add more OSINT APIs to check the reputation of embedded URLs and the hash of attached files.
- "Screen Capture" of the embedded URL links [after clicking on the embedded URL where the URL takes the user] will be really helpful for triaging basic credential harvesting attack scenarios.
- Integration of ProofPoint email gateway to Phishme triage will help us determine the number of email flow from a suspicious sender. This will reduce the requirement of opening another console just to check the number of emails from a particular sender.
- Large to small-scale organizations with a dedicated information security team.
- The admin team will get acquainted with the organization's email trends, user behaviors, false Positive scenarios, and real attack concerns.
Less Appropriate:
- Service provider companies handling multiple clients.
- There is no approach for client segregation in PhishMe so this may create some kind of confusion when triaging multiple different organizational client's reported emails on a single pane.
Cofense - Great Value & Even Better Product.
- Easy to Navigate GUI - easy to create and run scenarios
- In depth reporting - Ability to provide detailed reports by department, title, etc. for follow-up training
- Adoption of new technology - new additions such as Responsive Delivery and Recipient Sync allow less overhead for running scenarios
- Introduction of new templates - new templates being introduced all the time to keep up with currently seen campaigns
- Completely switching to the new UI - Most is redesigned, but some old elements remain
- Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
- Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves
- Provides a easy to use platform for running campaigns to employees
- Includes ability to deploy Reporter - Outlook plugin for employees to report suspicious emails for validation
- In depth reporting and ability to track all aspects of campaign and answers
- Provides LMS content and CBT Modules
Cofense review based on BAU usage
- Email analysis
- Simulation of phishing emails
- User awareness
- Visibility on how the IOC contribution from my orgn. is being used across the ecosystem.
- The simulation portal feels outdated.
- The reporting part could be better.
Cofense PhishMe Review
- Phishing templates: variety and customization
- Multi-language training
- Personal support
- More specific training CBT modules by function, e.g. legal/finance/sales/software development
- Well suited: Seamless integration into our in-house training platform
- Well suited: Templates for phishing simulations - in particular by geographic region
- Less appropriate: specific training for software developers/programmers
Great Phishing simulation provider
- Updated templates for phishing exercises
- Great customer service and support
- Great scenario summary reports
- Nice interface /dashboard on web site.
- Self service to download pdf's for education material
- Would like to see more Awareness newsletters
- Self service customization of training materials.
- We have an outstanding account manager
- The industry benchmarking and use of scenarios pulled from successful real world attacks helps to increase the validity of the phishing simulation programme.
- Running simulations with the support of the team is straightforward.
- UX
- Reporting and analytics - develop user dashboards and profiles
- Interactive training and development
PhishMe would be great for smaller organizations with simpler system architecture and rules.
We're currently working with PhishMe to develop better user pathways and a smoother user experience, particularly in relation to automating user feedback and enhancing the education streams.
Cofense PhishMe: Phishing simulator
- Setting up campaigns is easy.
- There are lots of examples that can be built from.
- The training if a user falls for the phishing is well thought out and presented.
- Account management could be done better. Removing users is a good example.
Don't admire your phishing problem - fix it with PhishMe
- Raw material - no need to go hunt out scenarios. There are plenty to choose from.
- Software interface makes it easy to organize a campaign.
- Reporting - it's easy to spot repeat offenders for additional phishing or individualized training.
- We like to pass each campaign by a couple of people. While I can send a test to someone, a simple workflow approval would be nice.
- You could automate user cleanup of inactive accounts a little better.
- Service - it isn't just another tool you need to operate. Cofense service includes an assigned professional who can advise, suggest, discuss with you the best approach for your user base, and operate the tool on your behalf.
- Multilingual - for a global company it is a must. We have simulated emails as well as educational material in multiple languages. Cofense PhishMe already has a lot of material in a number of languages, plus they can take care of translations into additional languages for you.
- Reporter button - with an add-on for Outlook (or other email clients) a user can report a suspicious email to their helpdesk with one click. In case of a simulated phishing email a report is not sent but rather a congratulation is displayed to a user.
- Playing it too safe #1 - They will only allow you to send emails to domains you own or control. So if you have people working for you with access to your systems but they have a third-party email (e.g. vendor/contractor domain or Gmail) you won't be able to send simulations to those users.
- Playing it too safe #2 - While their email template library is large and inspired by real-world phishing emails, for legal reasons they avoid close imitation of real companies - including names, logos, sender, etc. As a result, you'll still find delivery notification email or Office365 look-alikes, but not truly impersonating real-world companies thus being less misleading.
- Gamification - I'm not aware of a phishing quiz or a game in their educational material. There is no mobile app for users to compete with their coworkers e.g. number of reported malicious emails, number of spotted simulated emails, etc.
Cofense PhishMe Review
- Wide range of templates, which are always updated and addressing threats organizations face today.
- Security teams use the information from Phish Reporter to implement countermeasures.
- Providing training materials that help to educate employees
- To provide a more convenient way to modify/change mail addresses
In proposed templates different languages can be used.
Cofense Phishing Awareness
- Scheduling campaigns
- User list management.
- Variety of templates.
- Community portal.
- Board report is not automated.
Cofense PhishMe became our 'Catch of the Day'
- PhishMe scenarios are based on real-world examples of malicious email reported through one of their other product offerings; Phishing Defense Center (PDC)
- Scenarios have the ability to be easily customized and changed to suit the needs of your own organization to make them more relevant. This increases the chance of a click or attachment opening providing a teachable moment with more users.
- Console is easy to navigate and use for all levels of technical ability. Not everyone on our team is technically inclined, however, the interface is easy to understand and obtain information from allowing everyone who uses it to be comfortable.
- Reporting capabilities from completed scenarios is quite good as long as you provide the detail on users during initial import or sync.
- There is only the ability to run one Playbook at a time. For larger enterprises that may have more than one organization they wish to target in different ways, this is a limitation that requires some clever workarounds.
- Despite the efforts of reporting and statistics to remove false clicks and multiple clicks from the same users, there are several times we have had to analyze raw data exports in Excel to verify (and correct) our final metrics for scenarios. Not a deal-breaker, however, does require a time investment.
- Adding/removing users to the PhishMe instance requires a ticket to be submitted to Support. There is no method in the instance for us to do this at our company.
We have yet to find a scenario where Cofense PhishMe is less appropriate since we only have our previous solution to compare it to.
My Cofense PhishMe Review
- Easy to manage templates
- Up to date information with real word examples
- Inexpensive
- Attachments are doc, xls, and ppt only, no newer formats
- Embedded pictures require download that is not online
- Repeat user report needs filtering options
Cofense PhishMe Review
- Relevant/current phishing scenarios.
- Great educational awareness.
- Does not integrate with Active Directory. You either have to upload a spreadsheet of users or utilize their recipient generator. Would be nice to have an API with AD.
- Doesn't allow us to spoof legitimate companies. The bad actors do this and other phishing platforms allow this as well. Cofense is legally scared to allow spoofing.