Skip to content

Phish Threat

Phish Threat lets you test your users' response to phishing campaigns.

Sophos Phish Threat allows you to simulate phishing attacks and assess how your users respond to them. It also allows you to distribute anti-phishing training to your users.

To use Phish Threat, the key steps are as follows:

  • Allow the domains, URLs, and IP addresses that Phish Threat uses to make sure your Phish Threat campaigns are delivered successfully. See Set up Phish Threat for M365 environments.
  • Verify your domains. You must do this to use your users' email addresses in simulated phishing campaigns. See Verify domains.

    You must be a Super Admin to verify your domains.

  • Create a simulated phishing attack campaign or series. See Campaigns.

  • Review your campaigns and their results. See Campaign overview.

Note

Phish Threat is supported on Google Chrome. We recommend that you always run an up-to-date version.

Find out the frequently asked questions about Phish Threat. See Phish Threat FAQs.