Sophos Phish Threat

Additional features

Automated Phishing Attack Simulations

Automatically launches simulated phishing attacks to test employee vulnerability to various real-world phishing tactics, including spear-phishing and social engineering.

Hundreds of Realistic Templates

Provides a large library of phishing campaign templates (over 500 email threat templates) constantly updated by SophosLabs analysts based on the latest global threats and intelligence.

Multi-Scenario Campaigns

Offers diverse campaign scenarios ranging from beginner to expert, covering various attack types like credential harvesting, malware attachments, and suspicious links.

Multi-Language Support (9+ Languages)

Phishing simulation templates, training modules, and the user interface are available in at least nine languages (including English, German, French, Italian, Spanish, Portuguese, Korean, Japanese, and Traditional Chinese) to cater to diverse workforces.

Integrated Security Awareness Training Modules

Offers a collection of over 30 interactive and engaging training modules that cover essential security topics like identifying suspicious emails, credential harvesting, password strength, and regulatory compliance.

Automated On-the-Spot Training

Employees who fall for a simulated phishing attack are automatically enrolled in and receive immediate, targeted security awareness training to reinforce learning.

Sophos Central Unified Console

Managed entirely through Sophos Central, providing a single pane of glass to oversee phishing simulations and user training alongside other Sophos security products (endpoint, email, mobile, firewall, etc.).

Comprehensive Reporting Dashboard

Provides intuitive, on-demand reporting with at-a-glance campaign results, allowing administrators to understand organizational security health and demonstrate ROI.

Awareness Factor Data

Calculates and displays a live "Awareness Factor" to measure the overall risk level and security posture across the entire user group.

Key Reporting Metrics

Includes top-level campaign results, organizational trends of "caught" employees versus reporters, total users caught, testing coverage, and days since the last campaign.

Phish Threat Outlook Add-in (for Exchange and O365)

A convenient add-in that allows employees to report suspicious emails (simulated or real) with a single click, ensuring they go to the correct destination in the proper format.

Instant Feedback for Reported Phish

Provides immediate feedback to employees when they report a phishing simulation, reinforcing positive security behavior.

Sophos Synchronized Security Integration

Connects with Sophos Email Advanced to automatically identify "at-risk" users who have been warned or blocked from visiting malicious websites.

Targeted Training Enrollment

Automatically enrolls identified at-risk users into specific phishing simulations and training to improve their awareness and reduce organizational risk.

Customizable Campaigns

Allows organizations the flexibility to customize their own campaigns, testing criteria, email reminders, and quiz score tracking to meet specific needs.

Baseline Testing

Enables the creation of phishing campaigns without immediate training to establish a baseline of the organization's overall risk level (users are directed to a fake 404 page upon clicking).

User Template Variables

Add personalized variables (like recipient's first name, last name, email address) into email templates to make simulations more realistic.

Cloud-Based Service

Fully cloud-hosted, eliminating the need for on-premise hardware or software installation.

Unlimited Simulations per User

Offers unlimited tests and trainings per user within a single, per-user license type, simplifying pricing.

Active Directory (AD) Sync

Synchronize users and groups from Active Directory for simplified user management.

Multi-Region Hosting Options

Offers choice of international hosting regions (e.g., United States, Ireland, Germany) for data residency and compliance.

Free Trial

Provides a free trial period (e.g., 30 days) for potential users to test the software.